Windows: File Integrity Monitoring (FIM) issues - Online help | EventLog Analyzer

Windows: File Integrity Monitoring (FIM) issues

  1. Prerequisites: An agent needs to be deployed on the respective machine.
  2. Open the EventLog Analyzer GUI. Go to the Settings tab > Configuration > Manage File Integrity Monitoring. Configure the folders in the machine that should be monitored.
  3. Verify whether the following audit policies are enabled for the server:
    1. Audit Object Access
      1. Audit File System (Success, Failure)
      2. Audit Handle Manipulation (Success, Failure)
      3. Audit File Share (Success)
  4. Refer to the following steps to check if object-level auditing is configured for all the folders or drives:
    1. Right-click the relevant folder or drive, click Properties, and select the Security tab.
    2. Click Advanced, then go to the Auditing tab.
    3. Check if the following permissions have been provided for the Everyone group.

|  | Principal | Type | Access | Applies to |
| --- | --- | --- | --- | --- |
| File or Folder Changes | Everyone | Success and failure | Create files or write data; Create folders or append data; Write attributes; Write extended attributes; Delete subfolders and files; Delete | This folder, subfolders, and files |
| Folder Permission and Owner Changes | Everyone | Success and failure | Take ownership; Change ownership | This folder and subfolders |

  5. Open the command prompt on the FIM machine and execute the following command to ensure that the policies are applied successfully.
    1. auditpol /get /category:"Object Access"
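
The checks in steps 3 to 5 can also be scripted. The PowerShell below is an added example, not part of EventLog Analyzer or its documentation. It assumes an elevated session, English auditpol output, and a placeholder folder path, and it covers only the "File or Folder Changes" row of the table.

```powershell
# Added example: checks steps 3-5 for one monitored folder. Run from an elevated session.
param([string]$Folder = 'C:\MonitoredFolder')   # placeholder; pass a folder configured for FIM

# Steps 3 and 5: subcategories named on this page and the settings each must include.
$requiredPolicy = [ordered]@{
    'File System'         = @('Success', 'Failure')
    'Handle Manipulation' = @('Success', 'Failure')
    'File Share'          = @('Success')
}
# /r prints CSV. Subcategory and setting names are localized; English is assumed here.
$policy = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
foreach ($name in $requiredPolicy.Keys) {
    $setting = ($policy | Where-Object { $_.Subcategory -eq $name }).'Inclusion Setting'
    $missing = @($requiredPolicy[$name] | Where-Object { "$setting" -notmatch $_ })
    [pscustomobject]@{
        Check   = "Audit policy: $name"
        Current = $setting
        Ok      = ($missing.Count -eq 0)
        Missing = $missing -join ', '
    }
}

# Step 4, "File or Folder Changes" row: rights that must be audited for Everyone.
$needed = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, DeleteSubdirectoriesAndFiles, Delete'
$sidType = [System.Security.Principal.SecurityIdentifier]
# Get-Acl -Audit reads the SACL; keep Everyone (S-1-1-0) rules that apply to
# "This folder, subfolders, and files".
$rules = @((Get-Acl -Path $Folder -Audit).GetAuditRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-1-0' -and
    $_.InheritanceFlags -eq 'ContainerInherit, ObjectInherit' -and
    $_.PropagationFlags -eq 'None'
})
foreach ($flag in 'Success', 'Failure') {
    $covered = 0
    foreach ($rule in $rules) {
        if ([int]$rule.AuditFlags -band [int][System.Security.AccessControl.AuditFlags]$flag) {
            $covered = $covered -bor [int]$rule.FileSystemRights
        }
    }
    $gap = $needed -band (-bnot $covered)
    [pscustomobject]@{
        Check   = "SACL ($flag) on $Folder"
        Current = [System.Security.AccessControl.FileSystemRights]$covered
        Ok      = ($gap -eq 0)
        Missing = if ($gap) { [System.Security.AccessControl.FileSystemRights]$gap } else { '' }
    }
}
```

Any row with Ok set to False names the missing audit setting or right, which can then be corrected in step 3 or step 4.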