CB Defense: Does The Initial "Background Scan" Scan Network Drives?
Article ID: 287112
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Does The Initial "Background Scan" Scan Network Drives?
Environment
CB Defense PSC Console: All Versions
CB Defense Sensor: All Versions
Microsoft Windows: All Supported Versions
Resolution
At this time background scans do not scan network drives.
The background scan searches through fixed file systems, performing a top-down search for files of interest, and tries to establish reputation for them. Files and directories that are given full bypass are skipped.
Additional Information
To expand on the algorithm: the sensor builds a list of drives by iterating from A: to Z:. It calls GetDriveTypeW() on each and checks whether the return value is DRIVE_FIXED. If it is not, the drive is not processed. There is no facility to look for UNC paths at this time.
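To see which drive letters on an endpoint fall outside the background scan, the enumeration described above can be reproduced as follows. This is an added example, not the sensor's own code; the function names are hypothetical, and passing each letter as a root path such as `C:\` is an assumption.

```python
import string
import sys

# Return values of GetDriveTypeW as defined in the Windows SDK.
DRIVE_TYPES = {0: "DRIVE_UNKNOWN", 1: "DRIVE_NO_ROOT_DIR", 2: "DRIVE_REMOVABLE",
               3: "DRIVE_FIXED", 4: "DRIVE_REMOTE", 5: "DRIVE_CDROM",
               6: "DRIVE_RAMDISK"}
DRIVE_NO_ROOT_DIR, DRIVE_FIXED = 1, 3


def win32_drive_type(root):
    """Call the real GetDriveTypeW; only usable on Windows."""
    import ctypes
    return ctypes.windll.kernel32.GetDriveTypeW(root)


def classify_drives(get_drive_type=win32_drive_type):
    """Walk A: to Z: and split the letters into scanned and skipped.

    Assumption: each letter is queried by its root path, e.g. "C:\\".
    Returns (list of scanned letters, {skipped letter: drive type name}).
    """
    scanned, skipped = [], {}
    for letter in string.ascii_uppercase:
        code = get_drive_type(f"{letter}:\\")
        if code == DRIVE_FIXED:
            scanned.append(letter)
        elif code != DRIVE_NO_ROOT_DIR:  # letter in use, but not a fixed drive
            skipped[letter] = DRIVE_TYPES.get(code, f"unknown({code})")
    return scanned, skipped


def on_scanned_drive(path, scanned):
    """True if a plain drive-letter path sits on a scanned letter.

    UNC paths (\\\\server\\share\\...) are never covered. Bypass rules are
    not modelled here.
    """
    if path.startswith("\\\\"):
        return False
    return len(path) >= 2 and path[1] == ":" and path[0].upper() in scanned


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("GetDriveTypeW is a Windows API; run this on the endpoint.")
    scanned, skipped = classify_drives()
    print("Covered by background scan:", ", ".join(scanned) or "none")
    for letter, kind in skipped.items():
        print(f"Not covered: {letter}: ({kind})")
```

Mapped network drives show up as DRIVE_REMOTE and removable media as DRIVE_REMOVABLE, so files stored only there get no reputation from the background scan.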