Skip to main content

Scan Paths

Use this feature to create either a Allow list or Block list of paths/locations to restrict the locations inspected by the Software Vulnerability Manager scan.

You can add environment variables to the Allow list and Block list in the Scan Paths view. The environment variables will be resolved to the full path by the windows agent while scanning a host and will appropriately be either scanned or skipped.

For Example:

If %windir% is added to the Block list in the Scan Paths, then the agent will skip C:\Windows folder and its subfolders while scanning a host.

Click Add Allow list Rule or Add Block list Rule and enter the Name, Path and Site (optional) details.

note

By checking the Log blocked paths when found option, while adding a path to the Blocked List, the paths will be recorded for your awareness. The products associated with logged paths will be available in the Completed Scans under the Blocked Results tab. These paths will not be considered for the applicability rules while generating an SPS patch. If masking is enabled and you wish to log an absolute path which is maskable, then such a path will not be excluded from the Scan Results.

info

This feature is applicable to RHEL only if Log blocked paths when found option enabled in the Block List.

If using the Allow list, all the locations listed will be inspected by the scanner and any other locations are excluded from Software Vulnerability Manager inspections.

If using the Block list, all the locations/paths block-listed will be ignored and any other paths are inspected by the Software Vulnerability Manager scan.

info

Use this feature with caution. By using the Scan Path Rules some of your paths will be excluded from the scan and Software Vulnerability Manager will not alert you towards excluded insecure products, even if they potentially expose your hosts to security threats.

All logged paths will be set to Yes in the new column named Logged in the Block List view.

info

It is not possible to simultaneously use both a Block list and a Allow list.

  • To exclude Microsoft One Drive files from agent scan, add "\OneDrive" to you block list.

  • To exclude Dropbox files from agent scan, add "\Dropbox" to you block list.

  • To exclude Box.net files from agent scan, add "\Box" to you block list.