SCANNING BASED ON KEYWORDS

Hi,

 

Can we achieve keyword-based scanning using Snow Agent, for example if anyone keeps a file on his machine with an unknown extension but with keywords like torrent, crack & keygen in the file name?

Is the above possible with Snow Agent? If yes, then please suggest a way for the same.

 

#file scanning​

 

Thanks,

Kishan Pant


  • You can define an "Application" in SLM SMACC that would have a set of detection rules based on those keywords.

    But to cover each client thoroughly, you would need to scan more folders than what the agent normally scans. This could affect the client's performance during the scan.

  • You can create a custom application inside "SMACC \ SLM \ Software Recognition" for that purpose and specify such rules to match the installation path.

    Executable path:

    %\%crack%\...

  • Hi Samuel/Gonçalo,

     

    Are there any changes that need to be done on the Snow Agent side, meaning how will it look for the keywords and match them on the user's machine?

    For enabling more extensions we can add them under <FileType>....</FileType>; likewise, does anything need to be added in the configuration?

     

    Thanks,

    Kishan Pant

     

    • Hi Kishan,

      Yes, the agent needs to be adjusted to scan for all the folders you want and you need to make sure that the file types include everything you plan to scan for. I think the Snow Agent config file needs to be adjusted but also the SMACC where you must define what file extensions are accepted.

       

      For this reason, using the Snow Agent to scan widely for unwanted software would mean that you scan pretty much all files on the client. This will take significantly long and will flood your database ... and probably slow down your DUJ catastrophically.

       

      I assume this is the reason why by default the agent only scans for a handful of extensions and in few key folders.

  • Hi Kishan,

    I wouldn't recommend you do that with the Snow agent, for the reasons stated already by @Samuel Baughan.

    I am aware that several AVs like Symantec Endpoint Protection can detect and isolate (or remove) installations like cracks or keygens if properly configured.
