App Control: Trusted Directory Crawl of WIM or ISO Files Fails with "Found No Interesting Content" Event

Article ID: 288998


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Trusted directory approval of WIM or ISO files does not work
  • Console events with Subtype "Trusted Directory scan" and description:
Top level pre-approval scan has succeeded and found no interesting content for 'c:\td\en_windows_10_version_1903_aug_2019_x64_dvd_.iso'. Error:No interesting files Duration[29sec 990ms] Approval ID: 4. Job ID: 18.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

There is not enough free disk space on the system hosting the trusted directory to extract the content of the WIM or ISO files.
The ISO or WIM contains multiple Windows editions (Pro, Pro N, Enterprise) for the same release (e.g. 1903), which requires significant disk space for extraction.

Resolution

  1. Add more disk space to the system
  2. Extract a smaller WIM file that holds a single Windows version, using the DISM command-line tool

Additional Information

  • When the agent crawls the WIM file, it extracts the content to a temp folder under "C:\ProgramData\Bit9\Parity Agent\crawl"
  • Extracting the content of the WIM file with an archiving tool such as "7zip" shows immediately how much space is needed
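
An added example (not part of the original article or Carbon Black tooling) for Resolution step 2 and the space check described above: it lists the editions inside an ISO's install.wim, compares each expanded size with the free space on the volume holding the agent's crawl directory, and optionally exports one edition to a smaller WIM. It uses the DISM PowerShell cmdlets Get-WindowsImage and Export-WindowsImage, the counterparts of dism.exe /Get-WimInfo and /Export-Image. The ISO path, output path and parameter names are assumptions, and the size comparison is an estimate only.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths and parameter names below are assumptions, not values from the article
# (except the crawl directory, which the article gives).
param(
    [string]$IsoPath  = 'C:\staging\windows.iso',       # hypothetical ISO kept outside the trusted directory
    [string]$OutWim   = 'C:\td\install_single.wim',     # hypothetical output inside the trusted directory
    [string]$CrawlDir = 'C:\ProgramData\Bit9\Parity Agent\crawl',
    [int]$Index       = 0                               # 0 = report only, >0 = export that image index
)

# Mount the ISO read-only and find the drive letter Windows assigned to it
$letter = (Mount-DiskImage -ImagePath $IsoPath -PassThru | Get-Volume).DriveLetter
try {
    $wim = "${letter}:\sources\install.wim"
    if (-not (Test-Path $wim)) { throw "No install.wim found under ${letter}:\sources" }

    # Free bytes on the volume that hosts the agent's crawl (temp extraction) directory
    $drive = (Split-Path $CrawlDir -Qualifier).TrimEnd(':')
    $free  = (Get-PSDrive -Name $drive).Free

    # One row per edition: ImageSize is the expanded size of that image in bytes
    $images = Get-WindowsImage -ImagePath $wim
    $images | Select-Object ImageIndex, ImageName,
        @{ n = 'ExpandedGB';      e = { [math]::Round($_.ImageSize / 1GB, 2) } },
        @{ n = 'FitsInFreeSpace'; e = { $_.ImageSize -lt $free } } |
        Format-Table -AutoSize | Out-Host

    $total = ($images | Measure-Object -Property ImageSize -Sum).Sum
    Write-Host ("All editions: {0:N2} GB expanded; free on {1}: {2:N2} GB" -f `
        ($total / 1GB), $drive, ($free / 1GB))

    if ($Index -gt 0) {
        # Write a new WIM containing only the selected edition
        Export-WindowsImage -SourceImagePath $wim -SourceIndex $Index `
            -DestinationImagePath $OutWim | Out-Null
        Write-Host "Exported image index $Index to $OutWim"
    }
}
finally {
    # Always release the mounted ISO, even if a step above failed
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
```

Run it once with the default -Index 0 to read the table, then again with the index of the edition to export.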