FileAudit Documentation
FileAudit Documentation

Version History

FileAudit 6.5 Released: November 30th, 2023

What's new?

Added

  • New alert history report.
  • Ability to export and schedule the new Alert history report.
  • Automation for audit configuration maintenance.
  • OAuth2 authentication for email notifications.

Improved

  • Database Manager view becomes Maintenance view.
  • Faster loading speed for FileAudit reports.
  • MSP web communication errors.

Fixed in 6.5 Beta

  • Archiving process doesn't remove source access events data if the snapshots archiving fails.
  • Reset Layout doesn't work with the group box in the Advanced permissions report.
  • Connecting to SQL server database without permissions doesn't generate an error message.
  • Setting SQL server database with no server name is allowed generating an error message.
  • Database migration from SQL Server to MySQL database never ends.
  • The permission report can be incomplete if a file cannot be accessed.
  • Database version not detected properly.
  • Database information is not loaded when changing the database.
  • Tab to get next field in "Add new script" dialog goes in disorder.
  • No French translating on Impersonation accounts view.
  • Favorites setting is not keept after closing the console.
  • Only the first path is displayed on a PDF export of the "File and folder properties" report.
  • Unhandled exception is generated with a Token's permission change event.
  • Error when opening "Change permission" report on a remote console.

FileAudit 6.4 Released: October 6th, 2022

What's new?

Added

  • Ability to audit changes to NTFS permissions.
  • New report "Permission changes" including "old" and "new" permissions.
  • Ability to migrate and archive the production database on demand.
  • Ability to schedule the archiving of the database.

Improved

  • New dynamic variable with the new path location of a moved file or folder for the single alerts.
  • Performance scan of the NTFS audit configuration for diagnostics.
  • Added translated fields in the RAW data format for the scheduled reports "Simple Permissions" and "Advanced Permissions".

Fixed in 6.4

  • At service start-up an exception can be triggered when accessing the events analyze queues dictionary.
  • Error login with the impersonation account when connecting to an audited server if the account belongs to the Protected Users group in Active Directory.
  • Japanese characters in the header slogan are not displayed in the reports.
  • The event analyze queue sometimes freezes if the impersonation fails.

FileAudit 6.3 Released: November 30th, 2021

What's new?

Added

  • Detection of the access event "move" on an audited server.
  • Filter alerts, reports, and scheduled reports with the new access type "move".
  • New predefined report for the access event "move".
  • Ability to export reports in .xlsx format.

Improved

  • New dynamic variable with the top local folders for the mass alert notification.
  • Ability to exclude accounts in the scan options for cloud access audit.

Fixed in 6.3

  • In some circumstances the database is not updated when the service starts.
  • The access audit fails if the audited path name contains special characters with accents.
  • Files with a path longer than 260 characters generate a PathTooLong exception.
  • Changes in the parameter to define the days to keep snapshots is not refreshed correctly in the view.
  • Unhandled exception exporting reports with more than 65000 lines in XLS format.
  • Renaming a scheduled access event report is not possible.
  • Mass alert doesn't work for cloud access events.
  • When UseFullPathForCloudProviders advanced settings is enabled the file name contains slash and not backslash as usual.
  • TopFolders dynamic variable can display the same path because it is case sensitive.
  • Changes in scan options are not displayed properly.
  • In audit paths report, the filtering of paths doesn't work.
  • In Windows servers report, the filtering of servers doesn't work.
  • Diagnostic process loses the connection with FileAudit service if the "Log System Information" take more than 2 minutes to be retrieved.
  • A console when remotely connected to the service, uses the local SQLite database if exists, when it should use the remote service SQLite database.
  • Unhandled exception when accessing to audit paths report for an user with only audit permissions.
  • Changes in the permissions of FileAudit are not saved.
  • Snapshots tile should be denied for a user with only audit permission.
  • Filtering on a group with more than 1000 members with a SQLite database is generating an error.
  • Under some specific circumstances file deletions are displayed as read events.
  • The system cannot find the file specified error (2) while scanning permissions.
  • Cloud Audit view is disabled after a subscription.
  • The TruncatePath advanced settings doesn't work in the snapshot generation.
  • Memory not disposed properly when scanning folders and files.
  • Unhandled exception checking the object access audit policy generates a service warning every half hour.
  • Changes in the access type or object type filters are not saved in the alerts.
  • A false rename access event could be registered under certain circumstances.
  • Unhandled exception displaying advanced permissions report.

FileAudit 6.2 Released: July 29th, 2020

What's new?

Added

  • SQLite database as default database.
  • Ability to exclude events from not configured paths.
  • Ability to select your favourite reports in the dashboard.
  • New filters for simple/advanced permissions and file and folders properties reports.
  • New scheduled reports, simple/advanced permissions and file and folder properties, related to scheduled snapshots.
  • Ability to audit rename access events.

Improved

  • Subscription to Cloud providers, by using an external browser.

Fixed in 6.2

  • Unhanded exception when selecting to display the auto filter row option on the grid view of the permission reports.
  • The access event scan can be blocked if there is a snapshot running at the same time.
  • Unhanded exception getting the snapshot list just after removing one of them.
  • In the file/user views some icons can be removed.
  • Unhanded exception when clicking in top files/users in Statistics view.
  • Snapshot generation can get stuck in running state if there are some scan warnings.
  • In access reports the status icons are not according with the text.
  • Deadlock scanning events under certain conditions.
  • The service tries to connected to the Cloud provider when it shouldn't be.
  • Unhanded exception by clicking on the top 5 files but outside the bar and the text in the user view.
  • Activating the audit from the servers view can lost the IP address of the configured server.
  • The monitoring of the server stays disabled when disabling and enabling the audit on the servers view.
  • Scripts with commands which need privilege elevation cannot be executed as a no default administrators in the servers.
  • In the users view the filter doesn't work properly according to the date and hours selected.
  • Alerts are not triggered when the process filter is used.
  • Memory leak scanning AD groups.
  • Events scanned several times when RecordID needs to be truncated to be registered in a MS Access database.
  • On a Turkish platform, OneDrive auditing cannot be enabled.

FileAudit 6.1 Released: November 25th, 2019

What's new?

Added

  • Ability to scan file/folder permissions and properties, on demand or scheduled.
  • New reports to analyse file/folder properties, basic permissions and advanced permissions.
  • New predefined reports for access events.
  • Supports SQLite database.

Improved

  • Excluded hours from Alerts to allow configuration ranges between two different days.
  • Advanced setting UseFullPathForCloudProviders to allow to display in the path file the owner of the resource.

Fixed in 6.1

  • Changes in the alert execution tab are not updated in other alerts using the same script.
  • Alert script execution doesn't work if there is an impersonation account and no working directory in the script settings.
  • Scheduling Denied access report doesn't keep predefined filters.
  • Communication error loading statistics view in a remote console.
  • Client IP addresses are shown in top 5 sources, of statistics view, instead of client names.
  • Access Evolution graph doesn't load all the figures if there are more than 500000 events.
  • Access denied when exporting from All Access view using a remote console with just Audit permission.
  • The MySQL 8.0 drivers ODBC are not supported.
  • In the view audited servers, a server is displayed as audit inactive, when the object access is disabled but it has been configured manually.
  • Disable the audit, in the server view, doesn't work when the advanced object access policy has been configured manually.
  • The servers view is not updated after opening the server details popup, due to a change in the object access policy check.
  • Unhandled exception thrown when loading statistics view.
  • Unhandled exception when clicking on the numbers of statistics view.
  • Web shortcuts in the Help menu do not work in some cases.
  • The console may hang when displaying the audited servers and there is much file access activity.

FileAudit 6.0 Released: May 15th, 2019

What's new?

Added

  • Ability to audit accesses on files stored by OneDrive, Box, Dropbox and Google Drive.
  • New accesses on files stored by OneDrive, Box, Dropbox and Google Drive (Copy, Rename, Move, Shared etc...).
  • New Cloud Audit view in the console.
  • Ability to start a process when an alert is triggered.
  • New Subscription licenses.
  • Ability to remove service events in console Warnings view.

Improved

  • Windows Servers and Windows Paths views.
  • Event Details view.
  • Sync process of Active Directory group members.
  • Console Statistics view.

FileAudit 5.5 Released: February, 2018

What's new?

Added

  • New view - access events performed by a specific user.
  • New view - access events performed on a specific path/file.
  • New view - event details by double clicking in the event.
  • New tool (FileAuditReporter) available in the installation folder to access archived databases.
  • Ability to generate a scheduled report without sending it by mail.
  • Ability to select the folder where the scheduled reports are saved to.
  • Ability to keep the history of all scheduled reports.
  • Ability to restart the FileAudit service when changing remote connection settings.
  • Send notifications to Slack.

Added in 5.5.1:

  • Compact MS Access database after events cleanup.

Improved

  • Save system in the Settings section.
  • Warning notification for any errors whilst generating scheduled reports.
  • Tiles in the Welcome Dashboard are greyed out when access is not authorized, according to user permissions.

Improved in 5.5.1:

  • Backup of the ServiceLog file when its size is above 1MB while the service is starting.
  • Improve the service shutdown while enumerating Active Directory group members in large environments.
  • Revoking a server licence removes now all related events in the database asynchronously.

Fixed in 5.5.1

  • Service warnings related to database size are not sent by email.
  • Some warnings makes the Service Warnings section inoperant.
  • Administrator permission is required to access the File Access Viewer with a remote console.
  • Database maximum size displayed in the EventCleaner information is not correct according to the SQL Express version.
  • Alerts are triggered for files whose name, not extension, matches a file pattern extension defined in the alert.
  • In rare cases, an unexpected exception is thrown in the FileAuditAgent process.
  • The database connection string is not updated in scheduled reports using raw data when it is modified.
  • Error serializing and de-serializing the impersonation account passwords when they include some special characters.
  • An exception is thrown in the console when the audit verification takes more than 2 minutes.
  • In certain conditions, querying the database to generate a report triggers an uncontrolled exception.
  • Sometimes, the Access database estimated size is far from the real database size.
  • An exception can be generated in the EventCleaner view when the service is overloaded.
  • In some conditions, raw data scheduled reports do not work if the service is using SQL authentication.
  • When the evaluation license expires, several exceptions can be thrown in different views of the console.
  • Database insertion exceptions are displayed in the service warnings as duplicate errors, hiding the real exception.
  • Scheduled reports emails are sent without attachment due to denied access to reports generated in shared folders.
  • If several service warnings are created at the same time, only one is displayed.
  • Inactivity incidents can be notified again even though they already were notified.
  • Date and time label of the group in File Access Viewer is not updated with the new events.
  • Mass alert view loses its specific settings.
  • An error is displayed when a scheduled report is configured with no email address.
  • The UniqueId database values for on premise events are not correctly generated.
  • In FileAuditReporter, launching a File Access Viewer report displays an error message.
  • In FileAuditReporter, database access fails when the connection string uses SQL authentication.
  • In FileAuditReporter, the "Group by Object Type" setting displays "0" and "1" items instead of "Folder" and "File".
  • In FileAuditReporter, the "Group by Client Ip Address" setting does not work.

Fixed in 5.5

  • Scheduled reports filtered by "Current..." queries the database with wrong dates after the first execution.
  • If there is only one single administrator for FileAudit, it is possible to deny access to the console for everyone, if their administrator permissions are removed.
  • Syntax to exclude a user in the User filter is not coherent with the syntax to exclude a group in the Group filter.
  • Object Type filter in the File Access Viewer and scheduled reports in the French version doesn't filter correctly.
  • Console hangs when deleting events from the database in the license revocation process.
  • Installation .exe file's details have incorrect copyright info.
  • Publisher field in the "Programs and Features" Windows dialog is wrong.
  • Access to "File Access Viewer" with a remote console and without "Configure settings" permission generates an exception.

FileAudit 5.2 Released: April 11th, 2017

Added

  • Support for Windows Server 2016.
  • Email notifications in case of a new FileAudit service event.
  • Ability to filter access events by Active Directory groups. Available in alerts, scheduled reports and the File Access Viewer.
  • Ability to filter access events by object type (file or folder). Available in alerts, scheduled reports and the File Access Viewer.
  • New FileAudit service event when no file access event has been detected for more than three consecutive days.
  • Ability to display the machine name in addition to the IP address when access is made remotely to a file share.

Fixed

  • Database connection error may generate an exception in FileAudit Settings.
  • Wrong language message in FileAudit service warnings.
  • Communication between the service and the console may generate an exception when an event's access mask contains an unsupported value.
  • Milliseconds missing in the date and time column of the csv file generated from the File Access Viewer.
  • Reconfiguring NTFS audit on a path doesn't propagate in sub-folders if root folder is already configured.
  • Clicking Check for updates may generate an exception.

FileAudit 5.01 Released: January 25th, 2016

Improved

  • The 'Hours' tab of the Alert configuration has moved to 'Excluded hours' tab with a new layout more ergonomic.

Fixed

  • When FileAudit doesn't find the name of the drive, the drivename.exe is not automatically launched.
  • Duplicate records may be inserted in the FileAudit database on specific environment.
  • The "g" character is truncated on the second line of the Recipient tile in the Recipients tab of the Alert configuration view.
  • Changing the database connection string in the FileAudit configuration may cause a service deadlock.
  • Scheduled reports are not correctly updated after a major upgrade during which the installation folder changes.
  • Some events could be lost during massive accesses.
  • Saving Alert modifications from a remote FileAudit console was displaying an error message although everything was correctly saved.
  • When FileAudit monitors more than 10 servers, additional servers may not be monitored properly.

FileAudit 5.0 Released: September 17th, 2015

Added

  • FileAudit detects and displays the source IP address when the access is done remotely through a share.
  • Alerts can be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.
  • Ability to trigger an alert on access out of business hours.
  • FileAudit now supports MySQL as database system.
  • Statistics can be displayed for a set of folders/files that can be chosen amongst all the paths registered as audited.
  • It’s now possible to add a corporate logo in the printed/exported reports.
  • It’s now possible to check the availability of new versions, direct from the FileAudit Console.