Hello Everyone,
This script was designed to make up for the changes made to the history.db file after v5.0 was released. The goal is to help you identify what A4E is scanning in order to determine the best exclusions for your environment.
The attached bash script will allow you to convert your *debug* sfc.exe.log and sfc.exe_DATE_TIMESTAMP.log files to a CSV file. This CSV can then be used to see the following data:
1. Timestamp of when a file was scanned.
2. The path+filename of the scanned file.
3. The path+filename of the parent process.
When you run the script, it will output the most active processes by count to the terminal. The list of scanned files will be located in the 'data.csv' file.
To use the script, simply extract it to the same location as your log files and make it executable (chmod +x).
Run the script on its own with './handle_count.sh' without the quotes.
Depending on how many log files you have, it may be quick or take a couple of minutes. Remember that the more log files you have, the better picture you will have of the activity on the system.
This script has been tested internally and works on Ubuntu, Ubuntu on Windows 10, and OSX. It is also *unsupported* by TAC.
Thanks!
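
A follow-up on the 'data.csv' output described above, as an added example that is not part of the original post or the attached script: the shell functions below rank parent processes and scanned directories by event count, which helps when reviewing which paths or processes are candidates for exclusions. The column layout (no header, unquoted, timestamp first, parent process last), the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the attached script. Assumed data.csv layout (not confirmed
# by the post): no header, unquoted, comma-separated; field 1 is the timestamp
# and the last field is the parent process, so commas inside the scanned-file
# path are tolerated.
TAB=$(printf '\t')

# Constructed sample rows, for illustration only.
sample_csv() {
    cat <<'EOF'
2019-01-01 10:00:00,C:\Users\a\AppData\Local\Temp\x1.tmp,C:\Program Files\App\build.exe
2019-01-01 10:00:01,C:\Users\a\AppData\Local\Temp\x2.tmp,C:\Program Files\App\build.exe
2019-01-01 10:00:02,C:\Data\report, final.docx,C:\Windows\explorer.exe
2019-01-01 10:00:03,C:\Users\a\AppData\Local\Temp\x3.tmp,C:\Program Files\App\build.exe
EOF
}

# top_parents FILE [N]: the N parent processes that triggered the most scans.
top_parents() {
    awk -F',' 'NF >= 3 { n[$NF]++ }
        END { for (p in n) printf "%d\t%s\n", n[p], p }' "$1" |
        sort -t "$TAB" -k1,1nr -k2,2 | head -n "${2:-10}"
}

# top_dirs FILE [N]: the N directories holding the most scanned files.
top_dirs() {
    awk -F',' 'NF >= 3 {
            path = $2
            for (i = 3; i < NF; i++) path = path "," $i   # rejoin commas in the path
            sub("[\\\\/][^\\\\/]*$", "", path)            # drop the file name
            n[path]++
        }
        END { for (d in n) printf "%d\t%s\n", n[d], d }' "$1" |
        sort -t "$TAB" -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Stand-alone use: pass the CSV path, or run it next to data.csv.
csv=${1:-data.csv}
if [ -f "$csv" ]; then
    echo "Top parent processes:";    top_parents "$csv"
    echo "Top scanned directories:"; top_dirs "$csv"
fi
```

A directory that dominates the second list and is written almost entirely by one process from the first list is the kind of pairing worth reviewing before deciding on an exclusion.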