Showing results for 
Search instead for 
Did you mean: 
Cisco Employee
Cisco Employee

Hello Everyone,

This script was designed to make up for the changes made to the history.db file after v5.0 was released. The goal is to help you identify what A4E is scanning in order to determine the best exclusions for your environment.

The attached bash script will allow you to convert your *debug* sfc.exe.log and sfc.exe_DATE_TIMESTAMP.log files to a CSV file. This CSV can then be used to see the following data:

1. Timestamp of when a file was scanned.

2. The path+filename of the scanned file.

3. The path+filename of the parent process.

When you run the script it will output the most active processes by count to the terminal. The list of scanned files will be located in the 'data.csv' file.

In order to use the script simply extract it to the same location as your log files and make it executable (chmod +x).

Run the script on its own with './' without the quotes.

Depending on how many log files you have it may be quick or take a couple of minutes. Remember that the more log files you have the better picture you will have of the activity on the system.

This script has been tested internally and works on Ubuntu, Ubuntu on Windows 10, and OSX. It is also *unsupported* by TAC.


Level 1
Level 1

Attached is a PowerShell version of the same process for those on Windows without the Linux subsystem.

Rename to .ps1 and run with PowerShell

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: