App Control: What are the differences between crawl levels of trusted directories?
Article ID: 288573
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What are the differences between a top-level crawl and a deep crawl for a Windows trusted directory?
Environment
- App Control console: All versions
- Microsoft Windows: All supported versions
Resolution
Top Level Crawl (Windows only)
- A top-level crawl is the default crawl performed on Microsoft Windows endpoints for files added to a trusted directory
- Archive files (such as 7zip, bzip2, cab, gzip, iscab, iso, MSCompress, rar, zip, or tar files) in the trusted directory will have the contents expanded and crawled
- Any archives within an archive file will not have the contents expanded and crawled
Deep Level Crawl (Windows only)
- A deep crawl is an optional crawl which can be enabled on Microsoft Windows endpoints
- Archive files in the trusted directory will have the contents expanded and crawled
- Any archives within an archive file will also be expanded and crawled
Additional Information
- WIM files are typically not considered an archive by default
- This can be manually configured as explained in the User Guide
Feedback
Yes
No
Powered by
