Reference: Manage high-priority paths

Tanium Client Index Extension uses Index to scan the entire disk on an endpoint at regular intervals that typically occur between once a day and once a week. Index does not use recorder events to update file data across the entire disk. Many Client Index Extension users want more frequent updates for files in certain regions of the disk. To provide this visibility, in addition to the baseline disk scan, Client Index Extension enables you to specify high priority paths that use recorder events to update data and also scans every 24 hours by default.

A high priority path must include a file.path starts with clause in Tanium signal syntax. Escape backslash characters in paths. For example, use C:\\Users\\Administrator to make C:\Users\Administrator a high profile path.

  • Supported: file.path starts with 'C:\\Users\\Administrator'
  • Unsupported: file.path starts with 'C:\'

A high priority path, in addition to the file.path starts with clause, can additionally specify one or more file.path ends with clauses to narrow the file types to inspect.

  • Supported: file.path starts with 'C:\\Users\Administrator' and file.path ends with '.dat'
  • Supported: file.path starts with 'C:\\Windows\\System32' and file.path ends with '.dll' and file.path ends with '.exe'
  • Unsupported: file.path ends with '.dat' (Note that the file.path ends with must be combined with a file.path starts with filter)

If a high priority path full scan (default 24 hrs) has occurred, and in a few hours, a normal Index scan (default 7 days) triggers, the high priority path is scanned again as scans for high priority paths and default scans are separate.

The Index exclusions in Client Index Extension take precedence over any configured high priority paths. If the origin of a high priority path matches any of the configured Client Index Extension Index exclusions, the high priority path scans complete immediately after starting, and do not find files or directories.

The Index exclusions in Reveal will not take precedence over any high priority paths configured in Client Index Extension.