Enumerating files is one of the first things which you see in the Attack Surface Analyzer for Windows 7, when it begins the scan. So what is this action? Well, if you understand the words, it is not difficult to understand the meaning. The word ‘enumerating’ means to number (as in to start numbering). So when the Attack Surface Analyzer says that it is enumerating files, it is actually numbering and counting the files on your system. That said, the Attack Surface Analyzer actually reads the file permissions and security descriptors of the files and stores their properties so that it can later find the differences and report the issues to the user (i.e. you).
You can open the files.xml on your computer from the data directory (which by default is C:\Users\username\ Attack Surface Analyzer\data). Beware however that the file would be huge. If you have too many files on your computer, it is going to be even larger in size. So when you open this file in an editor, it will take a long time to open.
The files.xml file would contain entries for individual files on your system. The files are represented in the xml format. Although the list is long, a sample entry would look like this:
As you can see, Attack Surface Analyzer represents files in two ways, one by their long names (which we use normally) and the short names (which are the DOS representation of those file names). Along with this, it stores the attributes of the files (inside the
When Attack Surface Analyzer analyzes the scans and generates the reports, it would compare the security descriptors and the attributes of the files to determine if the attack surface has changed. Note that those properties of files which do not affect the attack surface are not stored for comparison. In the above example, you can see that the file size, file creation, modification dates etc are not stored. This is so because these properties of a file will not affect the security of the system.