ISDecisions.com

Language: EN | FR

FileAudit

Audit, archiving and reporting for access to sensitive files.Download FileAudit

Technical Resources

Getting Started Guide

Getting Started GuideType: PDF - Weight: 583KB

No white papers for this software

Faq

How do I start FileAudit?

FileAudit is not a program by itself but an extension to the Windows explorer. To start it, select some files or folders to audit, right-click on them and select the FileAudit menu.

Why can't I see any accesses in the FileAudit dialog box?

- FileAudit searches the Audit information in the Windows NT event logs. In order to use FileAudit, you need to enable the Audit in your domain by checking the appropriate checkboxes in the User Manager for Domains (Windows NT 4) or in Local security policy console (Windows 2000). Also, you will need to specify which accesses should be audited in the NTFS settings of the audited files and directories.

FileAudit was working just after I installed it but now I don’t see any new file accesses. What’s the problem?

Check the configuration of your security log. Overwrite events as needed should be selected to avoid that the system doesn't generate the audit events when the log is full.

I only see two days of audit. How can I keep older file accesses?

If you are using FileAudit 2.x you need to increase the size of your security log so the system will keep the audit events for a longer time. With FileAudit 3 all file access events are stored in a database so you should not have this problem.

Why do I get 'Error Code: 00000005' when trying to audit a file or folder?

The account you are using hasn't got administrative rights on the selected file or folder

FileAudit 3.05

  • Fixed: When using FileAudit remotely the scan of the remote security log was sometimes very slow
  • Improved: The error management when scanning the security log
  • Fixed: When trying to remove the NTFS audit from a deleted file, FileAudit was entering in an endless loop.
  • Fixed: Unselecting in the options the warnings when the object audit was not enabled or configured was not working
  • Improved: Filter out access denied events to MS Office documents because the privilege SeSecurityPrivilege is not held (on Windows 2008 R2 only)

FileAudit 3.04

  • Fixed: FileAudit was crashing if a path with more than 255 characters was specified as filter.
  • Fixed: The Database Cleaner was not working.
  • Fixed: The export in PDF in command line mode may generate an error in reason of a font problem.

FileAudit 3.03

  • Added: Support of Windows Vista and Windows server 2008 object access events
  • Added: Support of the Windows Vista and Windows server 2008 User Account Control
  • Fixed: You could not invoke FileAudit from the explorer context menu in Windows Vista and Windows server 2008
  • Added: Ability to manage the NTFS audit configuration on file and folders directly from FileAudit (Tools menu)
  • Improved: FileAudit configure now the NTFS audit in order to minimize the number of events generated in the security log.
  • Fixed: A problem while exporting a report with wide characters in PDF
  • Fixed: Exported xls files were unreadable by MS Excel
  • Added: Ability to filter out file accesses done by specific executables. You can exclude for example you backup program, or your anti-virus. Go in the Options to configure this.
  • Added: Ability to filter out accesses to specific kind of files (e.g. temporary files with a TMP extension). Go in the Options to configure this.

FileAudit 3.02

  • Fixed: The revoke license button was not working when the license dialog box was displayed during the startup of FileAudit (evaluation period expired).
  • Improved: The administrator is notified (warning event or messagebox) if events have been lost since the last security log scan.
  • Improved: The check of the object access audit
  • Fixed: FileAudit was sometimes unable to check the NTFS audit configuration on files/folders
  • Improved: Clusters are now managed with their virtual name and not with the name of their active node
  • Fixed: The path filter was not working for shares at the root of a disk
  • Added: Ability to change the logo in the report (tools menu-->Logo configuration).
  • Improved: FileAudit only loads needed events from archives in order to display events faster and use less memory (a From time limit need to be set)

FileAudit 3.01

  • Fixed: FileAudit was not displaying denied accesses to folders.
  • Fixed: The title of the option sheet or the file access property sheet was indecipherable in some cases.
  • Fixed: FileAudit was not able to check the NTFS audit configuration on mapped network drives.
  • Improved: Error events are inserted in the event log if the scheduled scan fails for some computers.
  • Added: The database cleaner allows to regularly remove old access events from the database.
  • Fixed: The required ActiveX component comdlg32.ocx was not installed with the product.

FileAudit 3.0

  • Removed: The ability to detect the difference between the file deletion and a file move or rename operation. The result was too random.
  • Fixed: Line feeds were invalid in the CSV export
  • Fixed: FileAudit didn't propose to configure the audit for local files and folders
  • Fixed: A bug while configuring the NTFS audit on files or folders
  • Fixed: During scheduled scans the NetBIOS name of the computer was not inserted in the database
  • Added: The shell extension (FileAudit in the Windows explorer context menu) is now also available on x64 computers

FileAudit 3.0 beta 2

  • Added: the help file was updated. The online version is available here
  • Added: The license system was added. Existing customers covered by the maintenance can now ask for their new FileAudit 3 license key. The evaluation version will allow you to audit files on two computers during 30 days.
  • Improved: FileAudit can now detect the difference between a file deletion and a file move/rename operation.

FileAudit 3.0 beta

  • Added: Accesses can be displayed in a printable report
  • Added: FileAudit can be used without the explorer but the explorer context menu still works.
  • Added: All access events are kept in a database
  • Added: The scan of security logs in order to automatically retrieve access events in the FileAudit database can be scheduled using the FileAudit options
  • Added: Ability to apply an additional filter according to access type (read, write, delete...), the name of the user and a time range.
  • Added: Reports can be generated automatically by saving a filter and by scheduling a batch using this filter.
  • Added: If the NTFS audit is not configured on a file/folder to audit, FileAudit will propose to configure it automatically.
  • Improved: Filter of useless access events (e.g for folders, only delete, permisions change and take ownership events are audited)
  • Improved: If the same access event occurs several times in the same second FileAudit keeps only one event
  • Improved: Better analysis of access events.
Important! With this new version FileAudit will be licensed according to the number of servers on which you want to audit file accesses.

FileAudit 2.41

  • Fixed: FileAudit should now work for all kind of clusters or SAN disks
  • Fixed: The event description was not correctly displayed on Windows 2003 servers
  • Removed: The "From/Where" button because this feature doesn't work anymore on Windows 2000/2003 servers.
  • Fixed: The FileAudit window was displayed in other cases that clicking FileAudit on the context menu. For example while opening a start menu folder.
In order to upgrade FileAudit you need to:
  • Uninstall the previous version
  • Logoff and logon again
  • Install the new version

    • FileAudit 2.4

    • Added: Support of Windows 2003 servers
    • Fixed: a bug when invoking FileAudit on the root of a disk or a share
    • Fixed: a bug disallowing to display deleted files in some cases
    • Improved: a warning message if the audit is not enabled on the server
    • Improved: a warning message if the audit is not configured for the file or the folder
    • Improved: a warning message if the security log is full
    • Improved: a warning message if the user doesn't have administrative rights on the server
    • Improved: In the status bar FileAudit displays the number of audit accesses for the current file or directory/the total number of audited accesses on the server
    • Improved: If no object access audit events are found FileAudit displays a warning message in the status bar.

    FileAudit 2.3

    • Improved: Support of dynamic drives on Windows 2000/XP/.NET. For a remote monitoring on such computers you need first to execute the command line tools DriveName.exe locally (available in the FileAudit folder) or install FileAudit locally.
    • Improved: Probably support of cluster and SAN (not yet tested). We are waiting for your feedback.
    IS Decisions © Copyright 2000 - 2012