Review Scanned Files from AMP for Endpoints on Windows for Exclusions


Hello Everyone,

This script was designed to make up for the changes made to the history.db file after v5.0 was released. The goal is to help you identify what A4E is scanning in order to determine the best exclusions for your environment.

The attached bash script will allow you to convert your *debug* sfc.exe.log and sfc.exe_DATE_TIMESTAMP.log files to a CSV file. This CSV can then be used to see the following data:

1. Timestamp of when a file was scanned.
2. The path+filename of the scanned file.
3. The path+filename of the parent process.

When you run the script, it will output the most active processes by count to the terminal. The list of scanned files will be located in the 'data.csv' file.

In order to use the script, simply extract it to the same location as your log files and make it executable (chmod +x).

Run the script on its own with './handle_count.sh' without the quotes.

Depending on how many log files you have, it may be quick or take a couple of minutes. Remember that the more log files you have, the better picture you will have of the activity on the system.

This script has been tested internally and works on Ubuntu, Ubuntu on Windows 10, and OSX. It is also *unsupported* by TAC.

Thanks!
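The following is an added shell example of the same log-to-CSV conversion and parent-process ranking; it is not the attached handle_count.sh and not Cisco's code. Because the exact layout of a debug sfc.exe.log line is not shown in the post, the example assumes a hypothetical layout (timestamp, pid, then quoted 'scanned' and 'parent' paths) and embeds a constructed sample log in that layout; the regex in log_to_csv must be adjusted to whatever your build actually writes before the output means anything. It goes slightly beyond the post by dropping non-scan lines and quoting paths so commas in a path do not break the CSV.

```shell
#!/usr/bin/env bash
# Added example, not the attached handle_count.sh. Turns debug sfc.exe.log
# lines into timestamp,"scanned_file","parent_process" CSV rows and ranks
# parent processes by scan count. The line layout matched below is an
# ASSUMPTION made for illustration; inspect a real sfc.exe.log and adjust the
# regex in log_to_csv to the layout your build actually writes.
set -eu

# Constructed sample log in the assumed layout (not real AMP output):
#   <YYYY-MM-DD HH:MM:SS> [<pid>] #ScanEngine: scanned '<file>' parent '<parent>'
# The #Policy line stands in for the non-scan noise a real log also contains.
SAMPLE_LOG=$(cat <<'EOF'
2023-05-01 10:00:01 [1234] #ScanEngine: scanned 'C:\Users\bob\AppData\Local\Temp\upd1.tmp' parent 'C:\Program Files\Google\Chrome\Application\chrome.exe'
2023-05-01 10:00:02 [1234] #ScanEngine: scanned 'C:\Users\bob\Downloads\report.pdf' parent 'C:\Program Files\Google\Chrome\Application\chrome.exe'
2023-05-01 10:00:02 [1234] #Policy: policy refresh complete
2023-05-01 10:00:03 [1234] #ScanEngine: scanned 'C:\Build\obj\main.o' parent 'C:\Program Files\Git\usr\bin\make.exe'
2023-05-01 10:00:04 [1234] #ScanEngine: scanned 'C:\Build\obj\util.o' parent 'C:\Program Files\Git\usr\bin\make.exe'
2023-05-01 10:00:05 [1234] #ScanEngine: scanned 'C:\Build\obj\net.o' parent 'C:\Program Files\Git\usr\bin\make.exe'
2023-05-01 10:00:06 [1234] #ScanEngine: scanned 'C:\Users\bob\Desktop\notes.txt' parent 'C:\Windows\explorer.exe'
EOF
)

# Read log text on stdin, emit one CSV row per scan event. Paths are quoted
# because a Windows path may contain a comma; it cannot contain a double quote.
# Lines that are not scan events do not match and are dropped by sed -n.
log_to_csv() {
  sed -nE "s/^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9:]{8}) .*scanned '([^']*)' parent '([^']*)'.*/\1,\"\2\",\"\3\"/p"
}

# Read CSV rows on stdin, print "<count> <parent>" lines, busiest parent first.
# Only the last quoted field is used, so an unquoted header row is ignored.
rank_parents() {
  sed -nE 's/.*,"([^"]*)"$/\1/p' | sort | uniq -c | sort -rn
}

# Name of the single most active parent process in the CSV rows on stdin.
top_parent() {
  rank_parents | head -n 1 | sed -E 's/^ *[0-9]+ //'
}

main() {
  # Real use (illustrative glob): cat sfc.exe.log sfc.exe_*.log | log_to_csv >> data.csv
  csv_file="${1:-data.csv}"
  printf 'timestamp,scanned_file,parent_process\n' > "$csv_file"
  printf '%s\n' "$SAMPLE_LOG" | log_to_csv >> "$csv_file"
  echo "Wrote $(($(wc -l < "$csv_file") - 1)) scan rows to $csv_file"
  echo "Most active parent processes by scan count:"
  rank_parents < "$csv_file" | head -n 10
}

main "$@"
```

Run it with no arguments to see the ranking on the constructed sample, or pass an output path as the first argument. For exclusion work the ranking is only the starting point: a parent with many scans of files under its own install directory (the make.exe build tree in the sample) is a candidate for a path or process exclusion, while a browser writing to a user's Temp directory is exactly the activity you want to keep scanning, so read the scanned_file column for each busy parent before excluding anything.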

Comments
Eagle117_2

Attached is a PowerShell version of the same process for those on Windows without the Linux subsystem.

Rename to .ps1 and run with PowerShell.
