The following events are logged by this feature with the event category File Monitoring.

| Event ID | Event Description | Example |
|---|---|---|
| 12200 | A SHA-256 checksum change has been detected. | A SHA-256 checksum change has been detected:<br>Package: File Integrity System32 x64<br>File: C:\WINDOWS\system32\ntoskrnl.exe<br>Old Checksum: B2728620F63488A32597DD97EA40F54460C55D97942748716051F60199C682F8<br>New Checksum: FE12E1FAEAE5DDF34A93128C7009B69EE88249E6B28BC3D279F2E37ADD3EDC52<br>Signed: Yes: SHA1 by NETIKUS.NET ltd on 6/15/2018 3:35:51 AM (COMODO RSA Code Signing CA)<br>The content of the above file has been modified. |
| 12201 | A file size change has been detected. | A file size change has been detected:<br>File: C:\WINDOWS\system32\MRT.exe<br>Old Size: 12,619,736 byte(s)<br>New Size: 13,511,640 byte(s)<br>Change: +891,904 byte(s) |
| 12202 | A file has been added. | A file has been added to a monitored directory:<br>Directory: C:\WINDOWS\system32<br>File: C:\WINDOWS\system32\_000007_.tmp.dll<br>Size: 14,640 byte(s)<br>Checksum: 93BB82EB2786708ADD9F1538283658EE949AA79E658196F0386AD88FB61320B1 |
| 12203 | A file has been deleted. | A file has been removed from a monitored directory:<br>Directory: C:\WINDOWS\system32<br>File: _003244_.tmp.dll<br>Last size: 822,272 byte(s)<br>Last checksum: FE2FE85EC553E8DFE0B04900EFE5BDA53F0F087730BDEBB95F681A0DF9900938 |
| 12210 | A directory could not be monitored due to an error. | EventSentry was unable to monitor the directory C:\Files for changes due to the following error: Access Denied. The directory will not be monitored. |
| 12211 | A directory could not be monitored in real-time due to an error. | EventSentry was unable to associate the directory C:\Files with an existing I/O completion port due to error: Access Denied. The directory will not be monitored. |
| 12212 | A directory could not be opened / accessed due to an error. | EventSentry was unable to open the directory C:\Files due to error: Access Denied. The directory will not be monitored. |
| 12214 | A temporary file was upgraded from an earlier, deprecated version of EventSentry. | |
| 12215 | Indexing of all monitored directories started. | File monitoring will now index all monitored directories. This process can take several minutes, depending on the number of files and the performance of the computer. When complete, event 12216 will be logged. |
| 12216 | Indexing of all monitored directories is complete. | File monitoring has finished indexing all monitored directories. |