How do I adjust file (integrity) monitoring alerts?

Article ID: 359
Category: Configuration
Applies to: All Versions
Updated: 2019-07-25

File monitoring (also known as File Integrity Monitoring, FIM) monitors directories to detect changes to files as well as files being added to or removed from directories.

By default, EventSentry monitors all files with the .exe and .sys extensions in the %SYSTEMROOT%\system32 directory (as well as the %SYSTEMROOT%\syswow64 directory on x64 systems) to ensure that changes to critical operating system files are detected in real time.

Starting with version v3.3, this feature does not generate any email alerts. All detected file changes are logged as informational events and are also available in the EventSentry web reports (System Health -> File Integrity).

To change the default settings, perform these steps:

  1. Open the management console
  2. Navigate to Packages -> System Health
  3. Locate the package File Monitoring System32 32bit or File Monitoring System32 64bit. Expand it and click File Monitoring
  4. Adjust settings in the dialog, or double-click a listed directory to change the event severity, customize the monitored files, etc.
  5. Save or Save & Deploy the configuration

To disable file monitoring, perform these steps:

  1. Open the management console
  2. Navigate to Packages -> System Health
  3. Locate the package File Monitoring System32 32bit or File Monitoring System32 64bit and select it.
  4. Select "Properties" in the ribbon
  5. Clear the Enable package check box
  6. Save or Save & Deploy the configuration
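
The default scope described above (.exe and .sys files in %SYSTEMROOT%\system32 and %SYSTEMROOT%\syswow64) can be reproduced with a snapshot comparison to see how many files it covers and what a changed, added or removed file looks like. This PowerShell script is an added example, not EventSentry code: it compares two point-in-time SHA-256 snapshots rather than detecting changes in real time, and the function names and the baseline file path are assumptions.

```powershell
# Added example (not EventSentry code): snapshot comparison over the default
# File Monitoring scope. Function names and the baseline path are assumptions.

function Get-FimSnapshot {
    param([string[]]$Directory, [string[]]$Extension = @('.exe', '.sys'))
    $snapshot = @{}
    foreach ($dir in $Directory) {
        # syswow64 only exists on x64 systems, so skip directories that are absent
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                # Locked or unreadable files are skipped instead of aborting the run
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                if ($h) { $snapshot[$_.FullName.ToLowerInvariant()] = $h.Hash }
            }
    }
    $snapshot
}

function Compare-FimSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($path in $Current.Keys) {
        if (-not $Baseline.ContainsKey($path)) {
            [pscustomobject]@{ Change = 'Added'; Path = $path }
        } elseif ($Baseline[$path] -ne $Current[$path]) {
            [pscustomobject]@{ Change = 'Modified'; Path = $path }
        }
    }
    foreach ($path in $Baseline.Keys) {
        if (-not $Current.ContainsKey($path)) {
            [pscustomobject]@{ Change = 'Removed'; Path = $path }
        }
    }
}

$scope = @("$env:SystemRoot\system32", "$env:SystemRoot\syswow64")
$baselineFile = Join-Path $env:ProgramData 'fim-baseline.json'   # assumed location

$current = Get-FimSnapshot -Directory $scope
"{0} files in scope" -f $current.Count

if (Test-Path -LiteralPath $baselineFile) {
    # JSON round-trips as a PSCustomObject; rebuild the hashtable before comparing
    $baseline = @{}
    (Get-Content -LiteralPath $baselineFile -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = $_.Value }
    Compare-FimSnapshot -Baseline $baseline -Current $current | Sort-Object Change, Path
}
$current | ConvertTo-Json | Set-Content -LiteralPath $baselineFile -Encoding UTF8
```

The first run only records the baseline; each later run lists the differences since the previous run and then replaces the baseline.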