Why would a scan filter policy that targets all executables return a lower file count than that of a Windows explorer search?
Article ID: 49439
Applies To
• Application Control Solution 6.1 SP1
Question
A Reference Machine Policy Scan returned 1566 EXEs, compared to a Windows file search of the machine, which returned 1640. Why would there be a difference of 74 items?
Answer
A file with a ".exe" extension is not necessarily an executable. The following test was performed for comparative purposes:
A File Specification filter ("*.exe; *.sys NOT Executable") was created that had the following configuration:
- Wildcard - "*.exe; *.sys"
- Exclude - "Program File Executables"
The file scan task was then run to report on the above filter, which returned 113 files under the Windows directory on a test server. Most of these are related to Windows Installer (icon files). WDM drivers were also listed (which are user mode DLLs). A scan of a few of the other executables listed (non-exhaustive) indicated non-PE COFF headers (invalid PE COFF marker).
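The same comparison can be reproduced outside the product. The following is an added example, not code from the product or from this article: it counts files matching "*.exe; *.sys" by name and reports which of them lack a valid PE marker. It assumes "executable" means an MZ header whose e_lfanew field points at the "PE\0\0" signature (the product's own classification logic is not shown here), and the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def is_pe_image(path):
    """True if the file starts with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            dos = f.read(64)                      # IMAGE_DOS_HEADER is 64 bytes
            if len(dos) < 64 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:                               # unreadable or locked file
        return False

def compare_counts(root, extensions=(".exe", ".sys")):
    """Return (paths matched by name, subset of those failing the PE check)."""
    by_name, not_pe = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extensions):
                full = os.path.join(dirpath, name)
                by_name.append(full)
                if not is_pe_image(full):
                    not_pe.append(full)
    return by_name, not_pe

def build_sample_tree(root):
    """Write constructed sample files (not real binaries) into root."""
    pe = bytearray(0x84)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)        # e_lfanew -> offset 0x80
    pe[0x80:0x84] = b"PE\0\0"
    bad = bytearray(pe)
    bad[0x80:0x84] = b"XX\0\0"                    # MZ present, invalid PE marker
    samples = {"valid.exe": pe, "driver.sys": pe, "bad_marker.exe": bad,
               "icon_only.exe": b"\x00\x00\x01\x00" + bytes(60),  # ICO header
               "notes.txt": b"not matched by the wildcard"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        by_name, not_pe = compare_counts(tmp)
        print(len(by_name), "by name;", len(not_pe), "not PE:", sorted(map(os.path.basename, not_pe)))
```

Pointing compare_counts at a real directory gives the name-based count and the list of files that account for the difference.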