File monitoring (aka as File Integrity Monitoring, FIM) monitors directories to detect changes to files as well as files being added and removed from directories.
By default, EventSentry monitors all files with the .exe and .sys extension in the %SYSTEMROOT%\system32 (as well as %SYSTEMROOT%\syswow64 directories on x64 systems) to ensure that changes to critical operating system files are detected in real time.
Starting with version v3.3 this feature does not generate any email alerts, all detected file changes are logged as informational events and also available in the EventSentry web reports (System Health -> File Integrity).
To change the default settings perform these steps:
To disable file monitoring perform these steps: