
Windows Filesystem Scanner getting started guide

This guide explains how to use the AQG Filesystem Scanner to obtain a cryptography scan from the filesystem in Windows.

Installation

You can download the AQG Filesystem Scanner from the web UI.

The sensor is distributed as a zip package named cs-host-scanner-<VERSION>-x86_64-<PLATFORM>.zip. When you extract this package, it creates a directory named cs-host-scanner-<VERSION>-x86_64-<PLATFORM> that contains an executable cs-host-scanner file, the required libraries for Windows, and a README file. For instance:

cs-host-scanner-0.9.6-x86_64-windows\
├── cs-host-scanner.exe
├── libffi-6.dll
├── libgmp-10.dll
├── zlib1.dll
└── README.md

You can move the cs-host-scanner-<VERSION>-x86_64-<PLATFORM> directory anywhere on your system.

Caution

If you move the executable file, make sure to also move the DLLs. They must be in the same directory.

Scanning a Filesystem

Navigate to a directory where you have write permissions to store scan results.

Move the following executable file and libraries to your chosen directory:

- cs-host-scanner.exe
- libffi-6.dll
- libgmp-10.dll
- zlib1.dll

Then run:

PowerShell
.\cs-host-scanner.exe `
    --root \path\to\a\root\directory `
    --root \path\to\another\root\directory `
    --output scan.cst.gz

Note

The --root parameter can be provided multiple times, for instance once for each available drive.

When the AQG Filesystem Scanner has finished executing, the directory you chose earlier will contain the generated trace file.

You can change the directory where the AQG Filesystem Scanner generates traces with the --output option.

Note

Refer to the AQG Filesystem Scanner reference for details on scanning .NET Framework applications and for a list of available parameters.

Scanning Windows certificate stores

The AQG Filesystem Scanner can scan Windows Certificate Stores for certificates. When configured, it scans all available stores under the CurrentUser and LocalMachine locations.

To do this, navigate to a directory where you have write permissions to store scan results.

Move the following executable file and libraries to your chosen directory:

- cs-host-scanner.exe
- libffi-6.dll
- libgmp-10.dll
- zlib1.dll

Then run:

PowerShell
.\cs-host-scanner.exe `
    --scan-windows-stores `
    --output scan.cst.gz

Note

--root and --scan-windows-stores can be used together, for instance to scan multiple drives and Windows certificate stores in a single command.
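
The combined scan described in the notes above, as an added example that is not part of the AQG documentation: it checks that the DLLs sit next to the executable, passes one --root per local fixed drive together with --scan-windows-stores, and confirms that a trace file was written. It assumes the scanner files are in the current directory and that a drive root such as C:\ is accepted as a --root value; the timestamped output name is constructed for illustration.

```powershell
# Added example, not AQG's own script. Run from the directory that holds the scanner.
$ErrorActionPreference = 'Stop'

$scanner  = Join-Path $PWD 'cs-host-scanner.exe'
$required = 'cs-host-scanner.exe', 'libffi-6.dll', 'libgmp-10.dll', 'zlib1.dll'

# The DLLs must be in the same directory as the executable.
$missing = $required | Where-Object { -not (Test-Path (Join-Path $PWD $_) -PathType Leaf) }
if ($missing) { throw "Missing next to the scanner: $($missing -join ', ')" }

# One --root per local fixed drive (DriveType 3); network, removable and optical drives are skipped.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { "$($_.DeviceID)\" }
if (-not $roots) { throw 'No fixed drives found.' }

# Build the arguments as an array so each flag and each path stays a separate argument.
$scanArgs = @()
foreach ($r in $roots) { $scanArgs += '--root', $r }
$scanArgs += '--scan-windows-stores'

# Constructed file name: host name plus timestamp, so repeated scans do not overwrite each other.
$output = "scan-$env:COMPUTERNAME-$(Get-Date -Format yyyyMMdd-HHmmss).cst.gz"
$scanArgs += '--output', $output

& $scanner @scanArgs

# The trace file should exist in the current directory once the scanner has finished.
$trace = Get-Item $output -ErrorAction SilentlyContinue
if (-not $trace -or $trace.Length -eq 0) { throw "No trace file produced at $output" }
"Trace written: $($trace.FullName) ($($trace.Length) bytes)"
```

Certificate stores under CurrentUser belong to the account that runs the command, so run it as the user whose stores you want in the trace.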

Upload a trace

Refer to these instructions for uploading a trace using the web UI or API.