File System Monitoring Cache

The File System Monitoring Cache (FSMon) is a mechanism designed to optimize the performance of file system monitoring operations. It acts as an intermediary storage layer that temporarily holds metadata and state information about the monitored file system. This reduces the need for frequent direct access to the file system, thereby improving efficiency and reducing system overhead.

The cache mechanism (File System Monitoring Cache) keeps the updated directory, file, path, and size information periodically in the new SQLite cache database. This new mechanism permits the applications to quickly retrieve information about file changes, additions, or deletions without repeatedly querying the file system.

By leveraging the cache, applications can quickly retrieve information about file changes, additions, or deletions without repeatedly querying the file system. This is particularly beneficial in environments with high file activity, where constant monitoring is required.

Proper configuration and management of the File System Monitoring Cache are essential to ensure its effectiveness and to avoid potential issues such as stale data or excessive memory usage.

CPU Throttling in BigFix Scanner Service is managed through the CPUHandler component. This feature is designed to control and limit the CPU usage of the BigFix Scanner process, ensuring it doesn't consume excessive system resources and impact overall system performance.

FSMon system exclusions

The following list is automatically excluded by BigFix Scanner Service on Windows:

?:/System Volume Information/*
?:/$Recycle.Bin/*
?:/RECYCLER/*
%CSIDL_WINDOWS%/System32/*
%CSIDL_WINDOWS%/SysWOW64/*
%CSIDL_WINDOWS%/winsxs/*
%CSIDL_WINDOWS%/ServicePackFiles/
%CSIDL_WINDOWS%/installer/*
%CSIDL_WINDOWS%/$NtUninstall/*
%CSIDL_WINDOWS%/$NtServicePackUninstall*$/*
%CSIDL_WINDOWS%/$hf_mig$/*
%CSIDL_WINDOWS%/servicing/*
%CSIDL_WINDOWS%/SoftwareDistribution/*
*/Windows.old/
?:/$WINDOWS.~BT/*
?:/Windows/servicing/*
?:/ProgramData/Docker/windowsfilter/*
?:/ProgramData/Package Cache/*
*/tmp
*/temp
*/cache/out-of-date
*/Temporary Internet Files
*/CacheStorage/*
*/cache2/*
*/Code Cache/*
*/Cache/*

Partition Exclusion: To completely skip FSMon scanning for a specific partition, add its mount point to the FSMon.ExcludeDirectories configuration.

Removable Media: By default, FSMon ignores removable disks. You can enable scanning for these volumes using the FSMon.ScanRemovableVolumes setting. This configuration must be applied using the Command Line Interface (CLI). No Fixlet is currently available for this action.

In Command Line Interface, use the following command:

Sample to add removable drive e.g. “D:\”
Open Command Line prompt as Administrator and type:

>cd <BESClient dir>\tools\scanner\bin\
>bf-scanner.exe config add FSMon.ScanRemovableVolumes D:\
>bf-scanner.exe service restart 

To reset the configuration:

>bf-scanner.exe config reset FSMon.ScanRemovableVolumes
>bf-scanner.exe service restart

Note: Reset command deletes all drives added in the list.