Custom on-demand scan task criteria for "All removable drives"
Last Modified: 2022-09-30 10:12:00 Etc/GMT
Technical Articles ID:
KB96025
Environment
Endpoint Security (ENS) Threat Prevention 10.x
Summary
When creating a custom on-demand scan (ODS) task, you might need to include more scan targets to make sure that all removable media is scanned.
Problem
If you create a custom ODS task that only has the option "All removable drives" specified, a USB external drive connected to the system isn't scanned. However, the task does scan a USB thumb drive connected to the same system.
Cause
The USB external drive is a local drive from the operating system's point of view. The custom ODS task that only scans "removable" drives views the drive as local and not removable.
Drive D: Description Removable disk
Drive E: Description Local hard disk
In this example, C
The BIOS determines whether a drive is classified as an external or local drive. You can check whether the behavior is consistently reproducible with the same external drive on different systems. If so, it indicates a problem with the formatting of that drive and the way the BIOS recognizes it as a local drive rather than an external drive.
From the ENS ODS point of view, the custom ODS scan task does what it's configured to do - it scans only removable media.
To determine whether a drive is identified as fixed or removable, run the following command from an administrator command prompt:
Example:
Solution
Open Windows Explorer, navigate to the USB external drive, right-click, and select scan for threats. Or, add a scan location to your custom ODS task for "All local drives."
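To audit an endpoint for the situation described under Cause, the following added example (not part of the original article, and not the command the article refers to) lists every volume with the drive type Windows reports and the bus of the underlying disk, and flags USB-attached disks that Windows classifies as local. It assumes the type reported in Win32_LogicalDisk.DriveType is the classification that matters here; the function name Get-VolumeBusReport and the UsbAsLocal column are hypothetical names chosen for this example.

```powershell
# Added example, not vendor code. Uses only built-in CIM classes.
# Run in PowerShell on the endpoint being checked.

# Win32_LogicalDisk.DriveType values as documented by Microsoft.
$driveTypeName = @{
    0 = 'Unknown';     1 = 'No root directory'; 2 = 'Removable disk'
    3 = 'Local disk';  4 = 'Network drive';     5 = 'Compact disc'
    6 = 'RAM disk'
}

function Get-VolumeBusReport {
    # Walk physical disk -> partition -> logical disk so each drive letter
    # can be paired with the bus its disk is attached to.
    foreach ($disk in Get-CimInstance -ClassName Win32_DiskDrive) {
        $partitions = Get-CimAssociatedInstance -InputObject $disk `
            -ResultClassName Win32_DiskPartition
        foreach ($partition in $partitions) {
            $volumes = Get-CimAssociatedInstance -InputObject $partition `
                -ResultClassName Win32_LogicalDisk
            foreach ($volume in $volumes) {
                [pscustomobject]@{
                    Drive      = $volume.DeviceID
                    DriveType  = $driveTypeName[[int]$volume.DriveType]
                    Bus        = $disk.InterfaceType
                    Model      = $disk.Model
                    # True when the disk sits on the USB bus but Windows
                    # reports the volume as a local (fixed) disk.
                    UsbAsLocal = ($disk.InterfaceType -eq 'USB') -and
                                 ($volume.DriveType -eq 3)
                }
            }
        }
    }
}

$report = @(Get-VolumeBusReport)
$report | Sort-Object Drive | Format-Table -AutoSize

# Volumes a scan limited to "All removable drives" would not cover,
# under the assumption stated above.
$missed = @($report | Where-Object { $_.UsbAsLocal })
if ($missed.Count -gt 0) {
    Write-Warning ("USB disks reported as local: " +
        (($missed.Drive | Sort-Object) -join ', '))
} else {
    Write-Output 'No USB disk is currently reported as a local drive.'
}
```

Some USB enclosures report a bus other than USB in InterfaceType, so an empty result does not rule out an external disk being treated as local; compare the Model column against the attached hardware.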