Filter options allow you to choose different types of files to include in the drift report. All of these options are off by default.
These options are essentially shortcuts for some of the more common options you can set by choosing Advanced Filters in either the baseline or target Type menu. The choices are:
- Include approved files – Files with a Local State of Approved are included in the baseline drift comparison.
- Include banned files – Files with a Local State of Banned are included in the baseline drift comparison.
- Include initialized files – Files initialized from a newly installed agent are included in the baseline drift comparison.
- Include missing baseline files – Baseline drift analysis includes tracking of files that exist in the baseline but are missing on the target systems. This option does not appear if the baseline is Same as Target.
- Only include applications – Only files on your network that are executable (for example, .exe or .com, but not Packages) are included in the baseline drift comparison.
- Only include executed files – Only files that have actually executed on your network are included in the baseline drift comparison.
Deciding which of the Filter Options to use depends on your purpose in running a Baseline Drift Report. Although only unapproved files are included by default, you can run baseline drift reports that include locally Approved or Banned files. When both of those options are used, the drift report shows every new file of interest, which can be very useful if you want to see whether your systems have “drifted” from a golden image or known baseline. You might discover that some files you have approved should not have been, or that there is a large proliferation of banned files, which, although they cannot execute, indicate a problem.
Another situation in which including locally banned and approved files as well as missing baseline files might be useful is in an environment where systems must be absolutely standard, for example, point-of-sale systems. You can use drift reports to determine whether all your systems exactly match your golden disk image.
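The following is an added example, not the product's own code or API: a small model of how the filter options above change what a drift comparison against a golden image reports. The `FileRec` fields, the `drift` function, the file names and the short hash strings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRec:
    sha256: str                 # constructed placeholder, not a real hash
    name: str
    state: str = "Unapproved"   # Local State: Unapproved, Approved or Banned
    initialized: bool = False   # inventoried when the agent was first installed
    application: bool = True    # False for packages such as installers
    executed: bool = False

def drift(baseline, target, *, approved=False, banned=False, initialized=False,
          missing=False, only_apps=False, only_executed=False):
    """Return (new_on_target, missing_from_target) as sorted file names."""
    def keep(f):
        if f.state == "Approved" and not approved:
            return False
        if f.state == "Banned" and not banned:
            return False
        if f.initialized and not initialized:
            return False
        if only_apps and not f.application:
            return False
        if only_executed and not f.executed:
            return False
        return True

    base_hashes = {f.sha256 for f in baseline}
    target_hashes = {f.sha256 for f in target}
    new = sorted(f.name for f in target
                 if f.sha256 not in base_hashes and keep(f))
    # Assumption: missing files are reported unfiltered when the option is on.
    gone = sorted(f.name for f in baseline
                  if f.sha256 not in target_hashes) if missing else []
    return new, gone

# Constructed inventories: a golden image and one point-of-sale terminal.
GOLDEN = [FileRec("aa01", "pos.exe"), FileRec("aa02", "receipt.dll")]
TERMINAL = [
    FileRec("aa01", "pos.exe"),
    FileRec("bb01", "updater.exe", state="Approved", executed=True),
    FileRec("bb02", "game.exe", state="Banned"),
    FileRec("bb03", "tool.exe", executed=True),
    FileRec("bb04", "setup.msi", application=False),
    FileRec("bb05", "driver.sys", initialized=True),
]

if __name__ == "__main__":
    print(drift(GOLDEN, TERMINAL))                      # defaults
    print(drift(GOLDEN, TERMINAL, approved=True, banned=True, missing=True))
```

With every option off, the model reports only the unapproved additions; turning on the approved, banned and missing-baseline options together gives the full golden-image comparison described for strictly standardized systems.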