Rules for file system scan
Based on the contents of the Software element in the agent configuration file, the agent creates a ruleset determining what parts of the file system to include in the scan.
The agent creates the ruleset for the file system scan according to the following process:
1. The agent checks for content in <Software><Include>.
   - If no include path is specified:
     - Linux, Unix, and macOS: no ruleset is created, and no files will be included in the scan. The procedure is terminated and will not continue with steps 2 and 3.
     - Windows: all local drives are added to the ruleset and represent starting points for the scan. The procedure continues with step 3.
   - If one or more include paths are specified, each path is added to the ruleset and represents a starting point for the scan.
     The paths must be specified according to the rules for include paths.
   - Any content that does not begin with a drive letter (c:) or root (/), does not include a path separator (\ or /), and includes a wildcard is interpreted as a file name extension and is placed in the global extension list.
2. If at least one complete include path has been specified, the agent checks for content in the global extension list. The content, if any, is added to the endpoints of each path in the ruleset created in step 1.
3. The agent checks for content in <Software><Exclude>. Any specified exclude paths are added to the ruleset created in steps 1 and 2.
   The paths must be specified according to the rules for exclude paths.
The agent traverses the file system in accordance with the created rule set. Beginning from each defined starting point, it scans the locations specified by the include path and any added global extensions, skipping locations specified by any matching exclude path.
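The three steps above can be modelled in a few lines to see which configurations end up scanning nothing or ignoring the extension filter. This is an added sketch based only on the procedure as described here, not the agent's own code; `build_ruleset`, its parameters and the sample configurations are hypothetical.

```python
import re

def is_absolute(entry):
    """True if the entry begins with root (/) or a drive letter (c:)."""
    return entry.startswith("/") or re.match(r"[A-Za-z]:", entry) is not None

def is_global_extension(entry):
    """Not absolute, no path separator, and contains a wildcard."""
    return (not is_absolute(entry)
            and "/" not in entry and "\\" not in entry
            and "*" in entry)

def build_ruleset(includes, excludes, os_name, local_drives=()):
    """Model of steps 1-3. Returns None when no ruleset is created."""
    paths = [e for e in includes if is_absolute(e)]
    extensions = [e for e in includes if is_global_extension(e)]
    # The page does not say how other entries are handled; surface them.
    unclassified = [e for e in includes
                    if not is_absolute(e) and not is_global_extension(e)]
    if paths:
        # Step 2 applies only when a complete include path exists.
        starts, applied = paths, extensions
    elif os_name == "windows":
        # Step 1 fallback: all local drives, then straight to step 3.
        starts, applied = list(local_drives), []
    else:
        # Linux, Unix, macOS: nothing is scanned.
        return None
    return {"start": starts, "extensions": applied,
            "exclude": list(excludes), "unclassified": unclassified}

# Constructed sample configurations (not taken from a real agent).
SAMPLES = {
    "linux, extensions only": (["*.py", "*.exe"], ["*/cache"], "linux"),
    "windows, extensions only": (["*.exe"], ["c:\\temp"], "windows"),
    "linux, path plus extension": (["/usr/local", "*.py", "bin"], [], "linux"),
}

if __name__ == "__main__":
    for name, (inc, exc, os_name) in SAMPLES.items():
        print(name, "->", build_ruleset(inc, exc, os_name, ["c:\\", "d:\\"]))
```

An Include section that holds only extension patterns yields no scan at all on Linux, Unix, and macOS, and on Windows it yields a scan of every local drive without the extension filter.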
Rules for include paths
An include path:
- Must be an absolute path, that is, begin with a drive letter (c:, d: etc.) or root (/).
- Can include a wildcard (*).
  - At most one wildcard may be used per directory.
  - Exactly one wildcard must be used in file names. If the wildcard is not included, it will not be treated as a file name.
- Is by default not recursive.
  To make the include path recursive, use <Path recursive="true">.
EXAMPLE
- c:\Windows is the same as c:\Windows\*
- c:\program files\*
- c:\ is the same as c:\*
- /usr/local is the same as /usr/local/*
- /usr/*/bin is the same as /usr/*/bin/*
- /folder1/folder2 is the same as /folder1/folder2/*, while /folder1/folder2* means all files beginning with folder2 in /folder1.
- Recursive versus non-recursive include path:
  <Path recursive="true">/folder1/folder2 will result in the subdirectories of /folder1/folder2 being scanned. /folder1/folder2 will only result in /folder1/folder2 being scanned, not the subdirectories of /folder1/folder2.
Rules for exclude paths
Exclude paths follow the same rules as include paths, with the following exceptions:
- An exclude path does not have to be an absolute path; the drive letter (c:, d: etc.) or root (/) at the beginning of the path can be replaced with a wildcard (*).
- Exclude paths are recursive by default.
- An exclude path can be configured to be matched against the entire path instead of a per-directory or file level, see Enable pattern matching on the entire path.
Just as for include paths, exclude paths can specify file name patterns like *.dll.
EXAMPLE
- Include path: /folder1/folder2/*
  Exclude path: /folder1/folder2/a
  Result: The entire directory /folder1/folder2/a will be excluded, but any other directory under /folder1/folder2/ will be included.
- Include path: /folder1/*/folder2
  Exclude path: /folder1/b/folder2
  Result: /folder1/a/folder2 and /folder1/c/folder2 will be included, but not /folder1/b/folder2.
- Include path: <Path recursive="true">/folder1
  Exclude path: /folder1/*/folder2
  Result: /folder1/a/folder2 and /folder1/c/folder2 will be excluded while /folder1/a/a and /folder1/b/b will be included.
- Include path: <Path recursive="true">/folder1/folder2
  Exclude path: /folder1/folder2/*.py
  Result: *py files within /folder1/folder2 and its subfolders will be excluded.
Enable pattern matching on the entire path
Using pattern matching can be useful if, for example, all directories having the same name should be excluded, regardless of their location.
To enable pattern matching, add the prefix exp: to the exclude path. Examples:
- exp:*\install*
- exp:/folder1/folder2/*
The wildcard (*) means match zero or more occurrences of any character. It can be used any number of times in the expression.
All other characters are matched either case-sensitive (Linux) or case-insensitive (macOS and Windows), depending on the operating system.
When the feature is enabled, the recursive option is redundant since pattern matching applies to the entire path.
- Enabling this feature will reduce the speed of the scan. For example, using pattern matching exclusively to determine what is to be scanned may have a high impact on the scan time. It is recommended to use pattern matching in combination with include paths.
- Wildcards and the placement of '/' and '\' are important; */install*, /*install/*, and */install overlap, but do not match the same paths. Remember that the pattern matches against the entire path.
EXAMPLE
- exp:*\install\* will exclude all files and folders in any path that has a directory named install, such as c:\company_name\install\application.exe
- exp:*\install* will exclude all files and folders in any path that has a directory beginning with the word install, such as c:\company_name\install files\application.exe, as well as c:\a\b\install.exe
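To check what an exp: exclude pattern removes from scan coverage before deploying it, the matching semantics described above (wildcard matches any characters including separators, pattern anchored on the entire path, case sensitivity set by the operating system) can be modelled as follows. This is an added sketch, not the agent's implementation; the function names and sample paths are constructed for illustration.

```python
import re

def exp_regex(pattern, case_sensitive):
    """Compile an exp: exclude pattern into a regex over the entire path."""
    if not pattern.startswith("exp:"):
        raise ValueError("missing exp: prefix")
    body = pattern[len("exp:"):]
    # '*' is zero or more of any character, separators included;
    # every other character is literal.
    regex = ".*".join(re.escape(part) for part in body.split("*"))
    flags = re.DOTALL | (0 if case_sensitive else re.IGNORECASE)
    return re.compile(regex, flags)

def is_excluded(pattern, path, case_sensitive=True):
    return exp_regex(pattern, case_sensitive).fullmatch(path) is not None

def coverage(patterns, paths, case_sensitive=True):
    """Map each pattern to the paths it would drop from the scan."""
    return {p: [x for x in paths if is_excluded(p, x, case_sensitive)]
            for p in patterns}

# Constructed sample paths, not taken from a real host.
LINUX_PATHS = ["/opt/install", "/opt/install/app.bin",
               "/opt/preinstall/app.bin", "/opt/installer.log"]
LINUX_PATTERNS = ["exp:*/install*", "exp:/*install/*", "exp:*/install"]

if __name__ == "__main__":
    for pattern, hits in coverage(LINUX_PATTERNS, LINUX_PATHS).items():
        print(f"{pattern:18} {hits}")
    # Windows matching is case-insensitive per the page.
    print(is_excluded(r"exp:*\install\*", r"C:\Tools\INSTALL\setup.exe",
                      case_sensitive=False))
```

The three Linux patterns each drop a different subset of the four sample paths, which is the overlap the note on wildcard and separator placement refers to.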
Global extension list
Any content in Software/Include that does not begin with a drive letter (c:) or root (/), does not include a path separator (\ or /), and includes a wildcard is considered to be a file name extension and is placed in the global extension list. The contents of the global extension list are applied to each include path endpoint.
Specifying a file name extension pattern causes paths, such as /a/*, to no longer include all files, but only those that have any of the specified file extensions. The exception to this rule is an extension/wildcard in a path, like /folder1/folder2/*.py, which adds all .py-files in /folder1/folder2.
EXAMPLE
- *.py
- *.exe
- *abc.txt: files ending in abc.txt
- def*: files beginning with def