Skip to content

Filesystem Scanner installationπŸ”—

The SandboxAQ Filesystem Scanner (formerly Host Scanner) is a command-line application that scans the filesystem or a container image to find cryptographic material. The logged information is formatted for analysis by AQtive Guard.


  • Linux 64-bit
  • Windows 64-bit


The Filesystem Scanner is typically distributed as a .zip or .tar archive and can be downloaded from the AQtive Guard Web Interface:

  1. Select Sensors from the menu bar.
  2. Locate the appropriate Filesystem Scanner and select Download.

If you’re using the on-premise AQtive Guard, the Filesystem Scanner is typically distributed with the on-premise package.

Visit our support portal if you have questions or need help.

How it worksπŸ”—

Starting from the chosen root location, the Filesystem Scanner goes through every file in the directory tree below, recursively descending into all subdirectories (without pursuing symbolic links). It tests the initial bytes of each file against a set of detectors for supported formats.


The FileSystem Scanner alters the access timestamp of files but won’t alter the modification and change timestamps. Additionally, the scanner only performs read-only actions, so it won’t lock files for other processes. A file with a mandatory or exclusive lock placed on it by another process will be skipped by the scanner, but the scanner will be able to access and open files with advisory locks on them.

It parses the files and logs the cryptographic material in a format suitable for analysis by AQtive Guard. No sensitive data, such as private keys, is stored. In the case of encrypted keystores, if a password is provided, the Filesystem Scanner also attempts to decrypt the encrypted portions using that password.