How do I remove the audit configuration on a subfolder of an audited folder?

In the Scan Options you can exclude the events generated by an executable, an account or some files, but not entire paths.

Currently there is no “out of the box” way to exclude a specific subfolder from the audit.

However you can do it by manually configuring the audit on that subfolder by going into the folder’s properties in the Windows Explorer > Security > Advanced > Auditing.

Click on the button “Disable Inheritance” (and remove the current audit entries).

Once you’ve done this, you will no longer see file accesses in this folder.

• Installation
  • What Operating Systems are supported by FileAudit?
  • What is installed when I use FileAudit?
  • Do I need to install FileAudit on the server I want to audit?
  • How to configure FileAudit for a DFS system
  • How do I remove the audit configuration on a subfolder of an audited folder?
  • Is FileAudit affected by the CVE-2021-44228 Log4Shell Vulnerability?