Identify frequently scanned items from command line (Agentless only)

Use the scan diagnostic command-line tool to calculate and display frequently scanned files, extensions, and VMs on a system running the Agentless software. You can add these results to the path exclusion policies to exclude them from being scanned.

Before you begin

  • Make sure that the user is a root user, or has sudo permissions.
  • The name of the VM is resolved only when the vCenter is successfully registered in the SVM Settings policy using McAfee ePO. Otherwise, only the VM ID appears.

Access the command line interface (CLI) of the SVM to create and display this report.

This diagnostic tool captures these details:
  • Top 10 file scan requests.
  • Top 10 file extensions.
  • Top 10 virtual machines that are sending scan and checksum requests.

Task

  1. To calculate the frequently scanned files, run the command:
    cd /opt/McAfee/move/bin
    sudo ./scan_diagnostic
    or
    sudo /opt/McAfee/move/bin/scan_diagnostic
    These parameters are available:
    Option            Definition
    --help            Shows how to use the command and its options.
    --time arg        Specifies the time period, in seconds, set for calculating the frequently scanned files. For example, 60 seconds.
    --elements arg    Specifies the number of entries to be captured and displayed in the result.
    --path arg        Specifies the output folder path. The default path is /opt/McAfee/move/log.
    At the end of the specified time period, the tool completes the analysis and displays the results. The default allowed time limit is 1 minute.
  2. (Optional) Change the time limit by editing the svaconfig.xml file located at /opt/McAfee/move/etc/.
    Note: To stop the scan diagnostic tool while it is collecting data, press Ctrl+C.