Quasar Scan user guide
Scan Settings
Scan settings are sent to the agents and operate on per scan semantics. They are solely for the use of the scanner.
Clicking on the value for the appropriate setting on the Settings page will allow you to edit it.
Remember: Any time you change a setting, ensure that you hit the Enter key to commit the change.
Filesystem Scanner (fs_scanner)
bl_dirs
Description: A list of all directory names not to recurse into in the filesystem.
Default Value: enron, msaccess, winsxs, .svn, coverage, fpm, scans, .git (Values are case insensitive)
Note: These folders are never entered by the scanner. This can provide significant improvements to speed. However, the files in these folders will never appear in the blacklisted files list.
bl_file_ext
Description: A list of all file extensions to avoid scanning.
Default Value: qsa, dfm, dectest, enc, tcl, s3, jar, dae, kml, py, hpp, war (Values are case insensitive)
Note: If the Blacklisted option is selected under allowed_statuses, the blacklisted files will appear in the Files section of the Job tab.
bl_paths
Description: A list of all path fragments to remove from the file list before commencing file scanning. Using bl_paths is useful because it enables auth fragments with multiple folder names to be used as blacklisting rules.The file list generated by the Quasar Scanner is compared to the blacklist path fragments and any paths that have a substring matching an item from bl_paths are removed and reported as being blacklisted.
Default Value: HeightmapSeocndary, tzdata, MicrosoftHelpLibrarycontentMicrosoftstore, bfheroesLogs,Backend, joboptions, paraboloid-faces.dat.gz, WindowsSoftwareDistributionDownload, DriverStoreFileRepository, AllVCLanguageSamples.zip, CryptoRSAMachineKeys, Microsoft OfficeTemplates, Virtual Infrastructure Client/Help, Bookbig.xlsx/_MUSIC_CODES (Values are case insensitive)
Note: If the Blacklisted option is selected under allowed_statuses, the blacklisted files will appear in the Files section of the Job tab.
large_file_timeout
Description: The maximum time spent on any one file before it is marked as partial and the scan continues.
Default Value: 120.0
Units: Seconds
Recommendation We recommend setting this based on what you are scanning. In practice, most users have set this to either 2 minutes or 45 seconds. Partial files will be marked and recorded for follow up.
max_hits_per_file
Description: The maximum number of hits to emit from a single file before moving to the next file.
Default Value: 1000
Units: Number of hits
Note: A setting of 0 indicates no maximum.
progress_every
Description: This tells the agent how often to send updates to the server when a scan is in progress.
Default Value: 10.0
Units: Seconds
Etc: ?
use_vss
Description:
Default Value: OFF
Allowed Values:
OFF: do not use VSS
HARD: use and abort scan if VSS init fails
Etc:
Job Control (job)
k_ratio
Description: When performing the ‘fuzzy’ job-completion test, this is the minimum percentage of Agents that need to report a problem (e.g. Agents that do not report as DONE) before the job as a whole is considered to have failed and the job status is set to EXITED. If the percentage of Agents that report problems is smaller than the k_ratio, the job will be reported as COMPLETE.
Default Value: 30.0
Units: Percentage
Notes: When calculating the percentage of Agents that have failed to complete, the k_ratio considered Agents with SCHED, STARTING, RUNNING, and EXITED as having failed to complete.
Example: If the k_ratio is set to 30.0 and there are 100 Agents in the environment, if 29 Agents show an Agent status of RUNNING, the job will be marked as COMPLETE. If instead 31 Agents show an Agent status of RUNNING, the job will be marked as EXITED.
File Status and Path Reporting (path_reporter)
allowed_statuses
Description: By selecting any of these options, the Quasar Scanner will log FILE information for the selected statuses. If none of these options are selected, no information will be logged to Files in the Job tab. Default Value: (Empty list – click to edit)
Allowed Values: The following options can be selected for this setting:
- scanned: selecting this will show all files that have been scanned.
- unknown
- blacklisted: selecting this will show any files that are blacklisted due to settings in bl_dirs, bl_file_ext, and bl_paths.
- partial
- fileerror
- tlerror
- pluginerror
- peekerror
- walkerror
- whitelisted
- scanning
WARNING: Using scanned / unknown / blacklisted options will consume a large amount of DB space for mass-scan jobs. These options are intended for research / troubleshooting purposes only.
Performance Controls (performance)
process_priority
Description: The Windows scheduler process priority class.
Default Value:blank
Allowed Values:
blank
ABOVE_NORMAL
BELOW_NORMAL
HIGH
IDLE
NORMAL
Recommendation: Set to BELOW NORMAL or IDLE for busy servers. Read MSDNs “Scheduling Priorities (Windows)” for more information.
SQL Database Scanner (sql_scanner)
force_global
Description:
Default Value: 0
Allowed Values:
1 = DB specific settings are ignored
0 = specific settings override global preferences
Etc:
topnrows
Description: This setting should be used when you want to set a balance between the need to scan everything and the need to cap the scan time. If the value is left unconfigured, the result is that scans could take an unbounded amount of time when used on large tables.
Default Value: 999999
Units: Number of rows to scan
Recommendation: A common approach to determining the balance between scan time and scan completeness is as follows: 1. Set topnrows to a value between 1000-5000. 2. Run the scan to completion and measure the total time it takes. 3. Review the messages from the scan, located on the Jobs page under the appropriate job. Notes will be present about which tables contain more data. 4. Increase the value for topnrows. 5. Repeat steps 2-4 until the scan exceeds acceptable scan time or you are satisfied with the sampling coverage.
Card Data Scanner (text_scanner)
context_length
Description: The maximum length of before and after context data chunks.
Default Value: 80
Units: Characters
Etc:
TRACK Data Scanner (track_scanner)
min_length
Description: The minimum length a string needs to be before it will be track-scanned.
Default Value: 20
Units: Characters
Recommendation: The optimum length for this is just lower than the MinLen of the smallest track format.
tt_track1
Description: The format regex for scanning for Track1 data.
Default Value: (^%Bd{0,19}^[ws/]{2,26}^d{7}w*?$)
Units:
Etc:
tt_track2
Description: The format regex for scanning for Track 2 data.
Default Value: (;d{0,19}=d{7}w*?)
Units:
Etc: