Creating the List of Applications on the Reference Device

You need to generate a list of the applications on your reference device. This is a Windows device with a tightly-controlled disk image that contains the typical applications used on protected Endpoint devices in your organization. If you have several different standard images, set up a reference device for each.

Important - The reference device must be free of malware.

To generate the list of applications, run the Appscan command on the reference device. This generates an XML file that contains the details of all the applications and operating system files on the device. In the XML file, each application, and each application version, is uniquely identified by a checksum. A checksum is a unique identifier for programs that cannot be forged. This prevents malicious programs from masquerading as other, innocuous programs.

To collect a list of applications on the reference device:

  1. Go to Policy > Access & Compliance > Manage > Manage Applications.

  2. Under Manage Applications, click Upload Applications.

    The Upload Applications window appears.

  3. Under Download Appscan, click Download.

  4. Run the Appscan application on your target device with the applicable parameters. See Appscan Command Syntax.

    This creates an Appscan XML file for each disk image used in your environment. When the scan is complete, an output file is created in the specified directory. The default file name is scanfile.xml.

Appscan Command Syntax

Description

Scans the host device and creates an XML file that contains a list of executable programs and their checksums.

Syntax

C:\>Appscan [/o <filename> /s <target directory> /x <extension string> /e /a /p /verbose /warnings /?]

Parameters

Parameter

Description

/o

Sends output to the specified file name. If no file name is specified, Appscan uses the default file name (scanfile.xml) in the current folder.

file name

Output file name and path.

/s <target directory>

Specifies the directory, including all subdirectories, to scan.

  • You must enclose the directory/path string in double quotes.

  • If no directory is specified, the scan runs in the current directory only.

/x <extension string>

Specifies the file extension(s) to include in the scan.

  • The extension string can include many extensions, each separated by a semicolon.

  • You must put a period before each file extension.

  • You must enclose the full extension string in double quotes.

  • You must specify a target directory using the /s switch.

  • If you do not use the /x parameter, only .exe executable files are included in the scan.

/e

Includes all executable files in the specified directory regardless of the extension. Do not use /e together with /x.

/a

Includes additional file properties for each executable.

/p

Shows progress messages during the scan.

/verbose

Shows progress and error messages during the scan.

/warnings

Shows warning messages during the scan.

/? or /help

Shows the command syntax and help text.

Examples

  • C:\>appscan /o scan1.xml

    This scan, by default, includes .exe files in the current directory and is saved as scan1.xml.

  • C:\>appscan /o scan2.xml /x ".exe;.dll" /s "C:\"

    This scan includes all .exe and .dll files on drive C and is saved as scan2.xml.

  • C:\>appscan /o scan3.xml /x ".dll" /s "c:\program files"

    This scan includes all .dll files in c:\program files and all its subdirectories. It is saved as scan3.xml.

  • C:\>appscan /s "C:\program files" /e

    This scan includes all executable files in c:\program files and all its subdirectories. It is saved as the default file name scanfile.xml.
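
The following PowerShell wrapper is an added example, not part of Appscan or of the product documentation. It builds the Appscan argument string while enforcing the parameter rules listed above, names the output after the reference device so each disk image gets its own file, and checks that the result is well-formed XML before it is uploaded. The function name, the variable names and the location of Appscan.exe (the current folder) are assumptions.

```powershell
# Added example: hypothetical wrapper script, not part of Appscan or the product.
# Assumes Appscan.exe was downloaded (step 3) into the folder this runs from.
function New-AppscanArgumentString {
    param(
        [string]$OutputFile = 'scanfile.xml',  # documented default name
        [string]$TargetDirectory,              # value for /s
        [string[]]$Extensions,                 # values for /x, e.g. '.exe', '.dll'
        [switch]$AllExecutables                # /e
    )
    if ($OutputFile -match '[\s"]') {
        # The page only shows unquoted output names, so this wrapper refuses others.
        throw 'Output file name must not contain spaces or quotes.'
    }
    if ($AllExecutables -and $Extensions.Count -gt 0) {
        throw 'Do not use /e together with /x.'
    }
    if ($Extensions.Count -gt 0 -and -not $TargetDirectory) {
        throw '/x requires a target directory given with /s.'
    }
    foreach ($ext in $Extensions) {
        if ($ext -notmatch '^\.[^.;"\s]+$') {
            throw "Extension '$ext' must be a period followed by the extension."
        }
    }
    $parts = @('/o', $OutputFile)
    # The directory and the full extension string must be in double quotes.
    if ($TargetDirectory)        { $parts += '/s', ('"{0}"' -f $TargetDirectory) }
    if ($Extensions.Count -gt 0) { $parts += '/x', ('"{0}"' -f ($Extensions -join ';')) }
    if ($AllExecutables)         { $parts += '/e' }
    $parts -join ' '
}

# One scan file per reference image, named after the reference device.
$out      = '{0}.xml' -f $env:COMPUTERNAME
$scanArgs = New-AppscanArgumentString -OutputFile $out `
                -TargetDirectory 'C:\Program Files' -Extensions '.exe', '.dll'

Start-Process -FilePath (Join-Path $PWD.Path 'Appscan.exe') -ArgumentList $scanArgs `
    -WorkingDirectory $PWD.Path -Wait -NoNewWindow

# Stops with an error if the file is missing or is not well-formed XML.
[xml]$scan = Get-Content -LiteralPath $out -Raw -ErrorAction Stop

# Record the hash of the scan file so the uploaded copy can be compared with it.
Get-FileHash -LiteralPath $out -Algorithm SHA256
```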