Excluding Directories from BFI Software Scan – USGS Technical Support Teams

Excluding some directories from scanning is useful if the directories are large and contain no information that is important to the software inventory. By excluding them, you can speed up the scanning process. You can add directories or remove them from the list by using tasks in the BigFix console. You can also manually add them to the scanner files on particular endpoints.

Default Excluded Directories

By default, the following directories are excluded from software scans. Ensure that you do not remove them from the list. It might lead to untested and unsupported results in BigFix Inventory.

?:/$Recycle.Bin
?:/RECYCLER
%CSIDL_WINDOWS%/System32
%CSIDL_WINDOWS%/SysWOW64
%CSIDL_WINDOWS%/winsxs
%CSIDL_WINDOWS%/ServicePackFiles
%CSIDL_WINDOWS%/installer
%CSIDL_WINDOWS%/$NtUninstall
%CSIDL_WINDOWS%/$NtServicePackUninstall*$
%CSIDL_WINDOWS%/$hf_mig$
*/cache/out-of-date
*/eznim
*/perl/lib/*
*/perl5/*
*/temp
*/tmp
*/Temporary Internet Files
*/unicore/lib/*
/proc
/usr/lpp
/usr/src/kernels/*

Retrieving excluded directories

The list of all directories that are excluded from scanning can be retrieved by generating a system report using the IBM BigFix Web Reports site.

Log into the IBM BigFix Web Reports site – https://iem-reports.doi.net
Select the Explore Data option at the top of the web page.
Select Edit Columns to show the listing of available columns.
Select Excluded Directories (Excluded Directories), which will add this column to your current report view.

Results: The current Report view has been updated to make the Excluded Directories column visible and shows all directories on each system that are currently excluded from software scanning.

Adding excluded directories

To exclude a directory from being scanned, add it to the list, and then run the task against the chosen endpoints.

Log in to the IBM BigFix console (iem-ts1.doi.net).
In the navigation tree, click Sites > Custom Sites > USGS-Wide: Actions and Content, and then click Fixlets and Tasks.
Select the USGS-Wide: BFI Scan Add Excluded Directories task.
Specify which directories are to be excluded from scanning.
Click Take Action and select endpoints for which you want to apply the changes.

Results: You added new entries to the list of directories that are excluded from scanning.

Removing excluded directories

To include a directory back in the software scan, add it to the list, and then run the task against the chosen endpoints.

Note: Ensure that you do not remove the default directories from the list. It might lead to untested and unsupported results in BigFix Inventory.

Log in to the IBM BigFix console (iem-ts1.doi.net).
In the navigation tree, click Sites > Custom Sites > USGS-Wide: Actions and Content, and then click Fixlets and Tasks.
Select the USGS-Wide: BFI Scan Remove Excluded Directories task.
Specify which directories are to be removed from the list of excluded directories.
Click Take Action and select endpoints for which you want to apply the changes.

Results: You removed the entries from the list of directories that are excluded from scanning. Those directories are now scanned during the software scan.

Manually excluding directories

After you install the scanner, you can specify which directories are to be excluded from scanning during the raw scan of the file system.

Note: Ensure that you do not remove the default directories from the list. It might lead to untested and unsupported results in BigFix Inventory.

You specify those directories by adding paths to the exclude_path.txt file that is in the <BES Client>LMT/CIT directory. Each path must be added on a separate line. The file already contains some entries depending on the operating system. You can remove the content of the file which means that no paths are excluded from the scan. However, if you delete the whole file, it will be recreated with the default content before the next software scan.

Exclude File Path – <BES Client>/LMT/CIT/exclude_path.txt

Unless you exclude specific paths, all the following drives are included in the scan:

UNIX – All local drives and other drives, such as floppy disk, CD-ROM, and DVD.

Note: Remote drives are not scanned.

Windows – All local drives.

Specify paths according to the following syntax:

drive:path

Important: When you specify a path delimiter, you must use a forward slash (/) instead of a backslash (\). For example, C:/Program Files.

drive

Specifies the drive. Asterisks (*) and question marks (?) are supported. This variable is optional on UNIX.

path

Specifies the path. Asterisks (*) and question marks (?) are supported. This variable also supports the following CSIDL values on Windows:

%CSIDL_WINDOWS%
%CSIDL_PROGRAM_FILES%
%CSIDL_COMMON_DESKTOPDIRECTORY%
%CSIDL_COMMON_STARTMENU%
%CSIDL_COMMON_STARTMENU%
%CSIDL_COMMON_STARTUP%
%CSIDL_COMMON_PROGRAMS%

Important: The above CSIDL values already have a drive specified. If you use them, omit the drive variable.

Procedure for Manually Excluding Directories

Create and edit the exclude_path.txt file using a text editor of choice to include excluded locations in accordance with the syntax explained above.
Distribute the exclude_path.txt to the <BES Client>/LMT/CIT/ directory location for each applicable system. Customize the exclude file as required for each individual system.

Refer to the following examples when specifying your paths.

Excludes the System Volume Information folder on any local drive:

?:/System Volume Information (note – In this scenario, the ‘?’ wildcard means any drive)

Excludes the System32 folder on the local drive that is specified in the CSIDL value:

%CSIDL_WINDOWS%/System32 (note – In this scenario, the CSIDL points to C:\Windows)