File Access Tracking

File Access Tracking collects all successful file access activity that is logged by the Operating System when auditing on a directory and/or file is enabled. You can utilize this feature to either capture all file access activity or only capture file access activity on security-sensitive files and folders. File Access Tracking can report on.

• files being added to a directory
• files being deleted from a directory
• files being modified
• other file changes such as permission or ownership changes

Like most features, file access tracking can be customized to only capture specific file access (e.g. write access) and you include/exclude files based on patterns like extensions.

Additionally, file access tracking can include the following information about a file change:

• The username of the user who performed the action
• The computer and/or IP address from which the action was performed (optional)
• The process which performed the action (unless performed through a file share)

File Access Tracking requires that auditing is enabled on all folders that are being monitored with the file access tracking feature. While File Access Tracking works well with all versions of Windows, we recommend Vista or Windows 2008 which includes optimized file auditing.