000031006 - What is the ECAT Server filename and directory structure of the files under the C:\ECAT\Server\Files folder?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031006
Applies ToRSA Product Set: ECAT
RSA Product/Service Type: ECAT Server
RSA Version/Condition: 4.x
Platform: Windows
IssueWhat is the ECAT Server filename and directory structure of the files under the C:\ECAT\Server\Files folder?
ResolutionThe modules downloaded from ECAT Agent machines are stored in the ECAT Server default location C:\ECAT\Server\Files folder.
The modules downloaded reside within a sub-folder under the C:\ECAT\Server\Files folder.
Where the filename from ECAT Agent machine is renamed into a filename format of:
filename_SHA256_random.fileExtension_
An example, filename:
reportdrivemap_0b1757fcfe8dea7c783112f6e4db5556114be8738f9edbfed264dcf67f0564ac_27985nm.bat_
The directory that the file is in under the C:\ECAT\Server\Files folder is a directory with the first 4 Capital characters of the file's SHA256 value.
For the above filename example the file will be in the ECAT Server folder (default) C:\ECAT\Server\Files\0B17
The C:\ECAT\Server\Files\# folder will contain the MFTs (Master File Table), and MEMORY_DRIVER files downloaded from the ECAT Agent machines.
The random alpha/numeric characters in the file name is to avoid rare cases where certain hash algorithms can result in a collision with the same hash value for different files.
The path of the downloaded module can also be shown in the ECAT UI by following the steps below.
  1. Click on Downloads under the Main Menu.
  2. Click on the file of interest.
  3. Click on Properties on the right to open the Properties panel.
  4. Review the information under File.Download.
It shows information like the, Relative File Name (hpbuio32_77aff5fe4ece571718a382a753ebaaa9561b1c7f980d5be63c057ef23701d1e5_9745.dll_) and Relative Path (77AF\) to the file.

Attachments

    Outcomes