To track the files currently being scanned:

  1. Create a batch file and name it "ReadReg_LastFile.bat".
  2. Paste the following contents into the batch file:

    @echo off
    > "%Temp%.\sleep.vbs" ECHO WScript.Sleep 3 * 1000
    REM // Read Registry Information #1
    set TESTA1=HKLM\SOFTWARE\Wow6432Node\TrendMicro\Pc-cillinNTCorp\CurrentVersion\Misc.
    set TESTA2=LastScannedFileName
    call :reg_read "%TESTA1%" "%TESTA2%" || (echo ERROR: no value found for LastScannedFileName & exit /b 1)
    REM // Writes Registry Information to File
    echo.%RETURN%|findstr "sleep.vbs output_file.txt" >nul 2>&1
    if not errorlevel 1 (
       REM Suppressed, the entry is a file this batch script uses itself
    ) else (
       echo Log: LastScannedFileName=%RETURN%
       echo %RETURN% >> C:\output_file.txt
    )
    CSCRIPT //NoLogo "%Temp%.\sleep.vbs"
    REM // Re-run this script to poll again; quoted so a path with spaces works
    "%~dp0ReadReg_LastFile.bat"
    exit /b 0
    :reg_read <key> <value>
    setlocal
    set key=%~1
    set value=%~2
    REM // make one call to reg to make sure the KEY/VALUE exists before reading it
    reg query "%key%" /v "%value%" 1>nul 2>&1 || (exit /b 1)
    for /f "tokens=2,*" %%a in ('reg query "%key%" /v "%value%" ^| findstr /c:"%value%"') do (
    set data=%%b
    )
    REM if {%data%}=={} (endlocal & exit /b 1)
    endlocal & set RETURN=%data%
    exit /b 0

  3. Open a Command Prompt with administrator privileges, and navigate to the directory where the batch file was created.
  4. Type "ReadReg_LastFile.bat" and press ENTER.
  5. Monitor the command window to see what files are currently being scanned.

This lets you identify which files or folders can be excluded in OfficeScan/Apex One. This information will also let you confirm their behavior.
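
To review the log for exclusion candidates, the following PowerShell groups the entries in C:\output_file.txt by folder. It is an added example, not part of the original article or of Trend Micro tooling; the function name Get-ScanHotspot and the sample paths are assumptions constructed for illustration. Each count is a 3-second registry poll that returned a file in that folder, not a number of scans.

```powershell
# Added example. Get-ScanHotspot is a hypothetical helper, not an Apex One tool.
function Get-ScanHotspot {
    param(
        [string[]] $Line,   # raw lines from the log written by the batch file
        [int] $Top = 10     # number of folders to return
    )
    $Line |
        Where-Object { $_ -and $_.Trim() } |     # skip blank lines
        ForEach-Object {
            $path = $_.Trim()                    # "echo %RETURN% >>" leaves a trailing space
            $cut  = $path.LastIndexOf('\')
            [pscustomobject]@{
                Folder = if ($cut -gt 0) { $path.Substring(0, $cut) } else { '(no folder)' }
                File   = $path
            }
        } |
        Group-Object -Property Folder |          # case-insensitive, like Windows paths
        ForEach-Object {
            [pscustomobject]@{
                Folder      = $_.Name
                Samples     = $_.Count           # 3-second polls that landed in this folder
                UniqueFiles = @($_.Group.File | Sort-Object -Unique).Count
            }
        } |
        Sort-Object -Property Samples -Descending |
        Select-Object -First $Top
}

$log = 'C:\output_file.txt'                      # path used by ReadReg_LastFile.bat
if (Test-Path -LiteralPath $log) {
    $lines = @(Get-Content -LiteralPath $log)
} else {
    # Constructed sample lines, used only when the log does not exist yet
    $lines = @(
        'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240101.log ',
        'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240101.log ',
        'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240102.log ',
        'C:\Program Files\App\data\cache.db ',
        'C:\Users\Public\report.docx '
    )
}
Get-ScanHotspot -Line $lines | Format-Table -AutoSize
```

A folder with many samples but few unique files points at the same files being the last scanned item across polls, which is the pattern to examine before deciding on an exclusion.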

To identify the last file scanned by the agent:

  1. Right-click the Apex One system tray icon > Open Apex One Real-Time Monitor