Looking through my Trusted Files I notice that Rating Scans list only those files of applications which have been accessed - in other words, files and services that have been loaded into active memory.
Rating Scans are not listing all files that reside on my system.
Is my understanding correct?
Can someone please confirm what I am seeing when running a Rating Scan?
The User’s Guide is unclear on a number of points, so I really could use some expert input on this matter for correct understanding - and not thinking that CIS 7 is not working properly.
A Rating Scan
Only scans the modules loaded into active memory - as opposed to all files residing on all system storage devices.
NOTE: Since the Rating Scan only examines modules loaded into active memory the returned Rating Scan results will vary each time depending upon what applications/system software are/is running. In other words, successive Rating Scans may continually find new “Unknown” files as applications are run or system software is accessed by applications.
When I apply the selected action “No Action” to Unknown Files the Rating Scan action changes from “No Action” to “Ignored.”
NOTE-1: Since the files have been “Ignored” they will be listed again as “Unknown” upon completion of the next Rating Scan.
NOTE-2: The files that the Rating Scan lists as “Unknown” are not automatically transferred to the “Unrecognized File” list. They are entered onto that list by Defense+ only at the moment that they are executed.
I would greatly appreciate confirmation that this is how a CIS 7 Rating Scan is designed to work.