CB Defense: Does The Initial "Background Scan" Scan Network Drives?


Article ID: 287112


Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Does The Initial "Background Scan" Scan Network Drives?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

  • At this time background scans do not scan network drives.
  • The background scan searches through fixed file systems, performing a top-down search for files of interest, and tries to establish reputation for them. Files and directories that are given full bypass are skipped.

Additional Information

To expand on the algorithm: the sensor builds a list of drives by iterating through A: through Z:. It calls GetDriveTypeW() on each, checking if the return value is DRIVE_FIXED. If not, the drive is not processed. There is no facility to look for UNC paths at this time.
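
The drive selection described above can be reproduced on an endpoint to see which volumes fall outside background-scan coverage. This is an added example, not the sensor's own code: the function names are hypothetical, and the sample drive map is constructed so the script also runs on a non-Windows host.

```python
import ctypes
import string
import sys

# Return values of GetDriveTypeW as documented for the Win32 API.
DRIVE_TYPES = {
    0: "DRIVE_UNKNOWN",
    1: "DRIVE_NO_ROOT_DIR",
    2: "DRIVE_REMOVABLE",
    3: "DRIVE_FIXED",
    4: "DRIVE_REMOTE",
    5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK",
}
DRIVE_NO_ROOT_DIR = 1
DRIVE_FIXED = 3

def win32_drive_type(root):
    """Call the real GetDriveTypeW (only reachable on Windows)."""
    fn = ctypes.windll.kernel32.GetDriveTypeW
    fn.argtypes = [ctypes.c_wchar_p]
    fn.restype = ctypes.c_uint
    return fn(root)

# Constructed sample: system disk, optical drive, USB stick, mapped share.
SAMPLE_DRIVES = {"C:\\": 3, "D:\\": 5, "E:\\": 2, "H:\\": 4}

def sample_drive_type(root):
    """Stand-in lookup for hosts without the Win32 API (hypothetical helper)."""
    return SAMPLE_DRIVES.get(root, DRIVE_NO_ROOT_DIR)

def classify_drives(get_drive_type):
    """Walk A: through Z: and split letters into scanned and skipped drives."""
    scanned, skipped = [], {}
    for letter in string.ascii_uppercase:
        root = f"{letter}:\\"
        dtype = get_drive_type(root)
        if dtype == DRIVE_FIXED:
            scanned.append(root)        # the only type the article says is processed
        elif dtype != DRIVE_NO_ROOT_DIR:
            # Letter is in use but not DRIVE_FIXED: outside background-scan coverage.
            skipped[root] = DRIVE_TYPES.get(dtype, f"type {dtype}")
    return scanned, skipped

if __name__ == "__main__":
    lookup = win32_drive_type if sys.platform == "win32" else sample_drive_type
    scanned, skipped = classify_drives(lookup)
    print("Covered by background scan (DRIVE_FIXED):", scanned)
    for root, kind in skipped.items():
        print(f"Not covered: {root} ({kind})")
```

Shares reached only by UNC path never appear in this letter walk at all, so they are also outside coverage even though the script does not list them.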