Windows Filesystem Scanner getting started guide
This guide explains how to use the SandboxAQ Filesystem Scanner (formerly Host Scanner) to obtain a cryptography scan from the filesystem in Windows.
Installation
The Windows Filesystem Scanner is distributed as a zip package named cs-host-scanner-<VERSION>-x86_64-<PLATFORM>.zip. When you extract this package, it creates a directory named cs-host-scanner-<VERSION>-x86_64-<PLATFORM> that contains an executable cs-host-scanner file, the required libraries for Windows, and a README file. For instance:
cs-host-scanner-0.9.6-x86_64-windows\
├── cs-host-scanner.exe
├── libffi-6.dll
├── libgmp-10.dll
├── zlib1.dll
└── README.md
You can move the cs-host-scanner-<VERSION>-x86_64-<PLATFORM> directory anywhere on your system.
Caution
If you move the executable file, make sure to also move the DLLs. They must be in the same directory.
Scanning a Filesystem
Navigate to a directory where you have write permissions to store scan results.
Move the following executable file and libraries to your chosen directory:
- cs-host-scanner.exe
- libffi-6.dll
- libgmp-10.dll
- zlib1.dll
then run:
.\cs-host-scanner.exe `
--root \path\to\a\root\directory `
--root \path\to\another\root\directory `
--output scan.cst.gz
Note
The --root parameter can be provided multiple times, for instance once for each available drive.
When the Filesystem Scanner has finished executing, the directory you chose earlier will contain the generated trace file.
You can change the directory where the Filesystem Scanner generates traces with the --output option.
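The multi-drive case from the note above, as an added PowerShell example (not part of SandboxAQ's documentation): it checks that the DLLs sit beside the executable, passes one --root per fixed local drive, and confirms the trace file was written. It assumes the script is started from the directory holding the scanner files; the trace file name pattern and the choice to scan fixed drives only are assumptions of this example.

```powershell
# Added example: scan every fixed local drive in a single run.
# Assumption: the current directory holds the scanner executable and its DLLs.
$scanner  = Join-Path $PWD 'cs-host-scanner.exe'
$required = 'cs-host-scanner.exe', 'libffi-6.dll', 'libgmp-10.dll', 'zlib1.dll'

# The DLLs must be in the same directory as the executable, so fail early if one is missing.
$missing = $required | Where-Object { -not (Test-Path (Join-Path $PWD $_)) }
if ($missing) {
    throw "Missing from $($PWD.Path): $($missing -join ', ')"
}

# Fixed local disks only (DriveType 3); network shares and removable media are skipped.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }
if (-not $roots) { throw 'No fixed drives found.' }

# Trace name built from host name and timestamp (constructed naming scheme).
$output = Join-Path $PWD ('scan-{0}-{1:yyyyMMdd-HHmmss}.cst.gz' -f $env:COMPUTERNAME, (Get-Date))

# One --root argument pair per drive, followed by --output.
$scanArgs = @()
foreach ($root in $roots) { $scanArgs += '--root', $root }
$scanArgs += '--output', $output

& $scanner @scanArgs

# Confirm the trace exists before uploading it for analysis.
if (-not (Test-Path $output)) {
    throw "Scanner finished but $output was not created."
}
Get-Item $output | Select-Object FullName, Length, LastWriteTime
```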
Upload the trace to AQtive Guard to run an analysis and generate a report. Refer to these instructions:
- Web Interface - Uploading a new trace
- API - Upload a trace using the API Client
Note
Refer to the Filesystem Scanner reference for details on scanning .NET Framework applications and for a list of available parameters.
Scanning Windows certificate stores
The Filesystem Scanner can scan Windows Certificate Stores for certificates. When configured, it scans all available stores under the CurrentUser and LocalMachine locations.
In order to achieve this, navigate to a directory where you have write permissions to store scan results.
Move the following executable file and libraries to your chosen directory:
- cs-host-scanner.exe
- libffi-6.dll
- libgmp-10.dll
- zlib1.dll
then run:
Note
--root and --scan-windows-stores can be used together, for instance to scan multiple drives and Windows certificate stores in a single command.