Content Management and Capture

Expand all | Collapse all

Mirroring an entire C:\Datacap directory

  • 1.  Mirroring an entire C:\Datacap directory

    Posted Fri July 17, 2020 11:32 AM
    The client is asking us if they can fully mirror C:\Datacap directory with a secondary environment.
    They say if any new file is created in C:\Datacap, it will always be detected as a suspicious activity.
    While their Datacap applications' batch and product log files are in a different location and application files won't change in production,
    I am afraid there may be product files that may be created temporarily during Datacap and Rulerunner server operation.
    I don't want these files to be detected and reported as illicit activities.
    Here are some that I know. Does anyone know if mirroring of C:\Datacap is feasible or a list of all files that may be updated/created?

    <Files updated/created in daily production>
    - C:\Datacap\Taskmaster\Rulerunner.xmlback is updated when Rulerunner is run/stopped.

    <Files updated/created in periodic maintenance> *These files won't be created unless someone launches the tool.
    - C:\Datacap\RRS\collection.xml is updated when Datacap Studio is opened/closed.
    - C:\Datacap\<App>\dco_<App>\rules\collection.xml and dumpns.xml are updated when Datacap Studio is opened/closed.
    - C:\Datacap\<App>\<App>.app.lock is created when Datacap Application is launched.


  • 2.  RE: Mirroring an entire C:\Datacap directory

    Posted Thu July 23, 2020 05:24 PM
    I would start by setting up the applications to be somewhere other than C:\datacap. You can also move many of the log and config files via the Datacap Server Manager and the Datacap Application Manager tools.


  • 3.  RE: Mirroring an entire C:\Datacap directory

    Posted Mon July 27, 2020 01:21 AM
    Thanks for your reply.
    I can move applications out side of c:\datacap.
    I can also set up Datacap Server, Rulerunner Server, wTM logs to be outside of c:\datacap.
    Do you know any other Product specific staging files and temporary files that get created  (and perhaps deleted) as Datacap Server and Rulerunner Server operate?
    I'd like to know these undisclosed file creations because I cannot tell the client about them now and  if exist the files will be detected as threats.


  • 4.  RE: Mirroring an entire C:\Datacap directory

    Posted Thu December 17, 2020 09:33 AM

    Often, we need to ensure our clients have whitelisted or excluded certain directories from virus scanners and security products.  Otherwise, we find temporary files kick in the virus scanning software which can really slow down processing as the Virus Scanning software takes up a lot of CPU.  Maybe this is also an issue in your scenario.


  • 5.  RE: Mirroring an entire C:\Datacap directory

    Posted Thu December 17, 2020 11:23 PM

    Thanks for the reply.

    The client system would raise an alarm for each unlisted file but the client did not want to skip entire c:\Datacap.

    So, IBM team persuaded the client to exclude the certain directories and files from surveillance list.

    It took some effort to find out which files were temporary ones that got created and deleted once in a while.

    Now the production is running for about 4 months without any alarm.


  • 6.  RE: Mirroring an entire C:\Datacap directory

    Posted Fri December 18, 2020 07:18 AM

    These must need be excluded from surveillance list.

    1) Must ignore
        Rulerunner Server Start/Stop updates this file.
        These font files are temporary files that get created/deleted by Abbyy engine when our app runs.

    2) If you use Datacap Studio and Datacap Application Manager on the production system.
        Datacap Studio updates this xml when closed.

    3) Others are App directory files and C:\Datacap\Taskmaster\Rulerunner.xml.