FileAudit 5.5 Beta
- Added: New view - access events performed by a specific user.
- Added: New view - access events performed on a specific path/file.
- Added: New view - event details by double clicking in the event.
- Added: New tool (FileAuditReporter) available in the installation folder to access archived databases.
- Added: Ability to generate a scheduled report without sending it by mail.
- Added: Ability to select the folder where the scheduled reports are saved to.
- Added: Ability to keep the history of all scheduled reports.
- Added: Ability to restart the FileAudit service when changing remote connection settings.
- Added: Send notifications to Slack.
- Improved: Save system in the Settings section.
- Improved: Warning notification for any errors whilst generating scheduled reports.
- Improved: Tiles in the Welcome Dashboard are greyed out when access is not authorized, according to user permissions.
- Fixed: Scheduled reports filtered by "Current..." queries the database with wrong dates after the first execution.
- Fixed: If there is only one single administrator for FileAudit, it is possible to deny access to the console for everyone, if their administrator permissions are removed.
- Fixed: Syntax to exclude a user in the User filter is not coherent with the syntax to exclude a group in the Group filter.
- Fixed: Object Type filter in the File Access Viewer and scheduled reports in the French version doesn't filter correctly.
- Fixed: Console hangs when deleting events from the database in the license revocation process.
- Fixed: Installation .exe file's details have incorrect copyright info.
- Fixed: Publisher field in the "Programs and Features" Windows dialog is wrong.
- Fixed: Access to "File Access Viewer" with a remote console and without "Configure settings" permission generates an exception.
- Added: Support for Windows Server 2016.
- Added: Email notifications in case of a new FileAudit service event.
- Added: Ability to filter access events by Active Directory groups. Available in alerts, scheduled reports and the File Access Viewer.
- Added: Ability to filter access events by object type (file or folder). Available in alerts, scheduled reports and the File Access Viewer.
- Added: New FileAudit service event when no file access event has been detected for more than three consecutive days.
- Added: Ability to display the machine name in addition to the IP address when access is made remotely to a file share.
- Fixed: Database connection error may generate an exception in FileAudit Settings.
- Fixed: Wrong language message in FileAudit service warnings.
- Fixed: Communication between the service and the console may generate an exception when an event's access mask contains an unsupported value.
- Fixed: Milliseconds missing in the date and time column of the csv file generated from the File Access Viewer.
- Fixed: Reconfiguring NTFS audit on a path doesn't propagate in sub-folders if root folder is already configured.
- Fixed: Clicking Check for updates may generate an exception.
- Improved: The 'Hours' tab of the Alert configuration has moved to 'Excluded hours' tab with a new layout more ergonomic.
- Fixed: When FileAudit doesn't find the name of the drive, the drivename.exe is not automatically launched.
- Fixed: Duplicate records may be inserted in the FileAudit database on specific environment.
- Fixed: The "g" character is truncated on the second line of the Recipient tile in the Recipients tab of the Alert configuration view.
- Fixed: Changing the database connection string in the FileAudit configuration may cause a service deadlock.
- Fixed: Scheduled reports are not correctly updated after a major upgrade during which the installation folder changes.
- Fixed: Some events could be lost during massive accesses.
- Fixed: Saving Alert modifications from a remote FileAudit console was displaying an error message although everything was correctly saved.
- Fixed: When FileAudit monitors more than 10 servers, additional servers may not be monitored properly.
- Added: FileAudit detects and displays the source IP address when the access is done remotely through a share.
- Added: Alerts can be triggered when a user performs a number of accesses deemed beyond the tolerated threshold for a defined period of time.
- Added: Ability to trigger an alert on access out of business hours.
- Added: FileAudit now supports MySQL as database system.
- Added: Statistics can be displayed for a set of folders/files that can be chosen amongst all the paths registered as audited.
- Added: It’s now possible to add a corporate logo in the printed/exported reports.
- Added: it’s now possible to check the availability of new versions, direct from the FileAudit Console.
- Added: FileAudit can audit the file attribute changes. A new switch has been added into the ‘Scan options’ section of the ‘Settings configuration’ view to enable this ability.
- Improved: The ability to exclude a file extension from the audit available in the ‘Scan option’ section of the ‘Setting configuration’ view has been turned to a file pattern mask exclusion allowing wild characters ‘*’ (any string) and ‘?’ (any character).
- Improved: The ‘Time’ settings of ‘Scheduled reports’ offer new predefined relative time period options to generate more easily dynamic contents according to the execution date as: Yesterday, the current week, the previous week, the current month, etc…
- Added: A view named ‘Warnings’ is available from FileAudit Hub to display all issues FileAudit detects when performing its audit monitoring.
- Added: The File Access Viewer, Alerts and Scheduled reports integrate a new criterion to filter on domain.
- Improved: The audit configuration engine now checks when registering a path if the inheritance settings are enabled on subfolders and will also suggest to enable it for a path.
- Improved: The audit configuration engine now checks when registering a path if there are any audit settings already existing on the path entered and will also suggest to overwrite then.
- Added: The ‘Audit configuration’ view now allows you to check and directly reconfigure a registered path if required.
- Added: It's now possible to reset the ‘File Access Viewer’ filter.
- Added: It's now possible to reset the layout of the ‘File Access Viewer’.
- Improved: The ‘Path(s)’ field of the ‘File Access Viewer’ supports now ‘*’ (any string) and ‘?’ (any character) wild characters.
- Fixed: In some cases displaying more than 50000 records generates an exception.
- Fixed: It was not possible to add the administrators group again in the access permissions once it was removed.
- Fixed: After removing the administrators group from the access permissions scheduled reports were no longer working (Access denied in ServiceLog.txt).
- Fixed: It was not possible to perform audit on a deleted file for which the parent folder was also removed.
- Fixed: Specifying an invalid E-mail address in the "From" field of the SMTP settings was making FileAudit crash when launching the E-mail test.
- Fixed: The NTFS audit was not correctly configured when selecting a single file to audit.
- Fixed: Some issues when auditing files on a dynamic drive or on a cluster (The path displayed in the File access viewer was corrupted).
- Fixed: It was possible to use invalid characters in the scheduled report names leading to an exception when saving the scheduled report.
- Improved: FileAudit is now compatible with the security option "Use FIPS compliant algorithms for encryption, hashing, and signing".
- Fixed: A memory leak could happen in the FileAudit service.
- Fixed: It was not possible to delete a configured path when the concerned file/folder was deleted or moved somewhere else.
- Fixed: Accounts with a $ in the name were considered as computer accounts and their events ignored even if the $ was not at the end of the name.
- Improved: It is now possible to disable the flush to the database when displaying events in the File Access viewer in order to avoid a timeout when there is much activity.
- Improved: File access events generated during backup operations with disk shadow copies are automatically discarded.
- Improved: A backup of the configuration file is kept in case the file becomes corrupted.
- Fixed: The schedule type (Weekly/Monthly) and the start hour where missing in the Database cleaner.
- Improved: If the TCP port defined in the remote connection configuration is already used by another application the FileAudit service will still be able to start but remote connections will be disabled.
- Improved: Local folders/files are accessed by FileAudit with their local path instead of their UNC path.
- Improved: Added routine to check credentials provided in impersonation accounts.
- Fixed: The Database wizard could not start the OLEDB wizard.
- Fixed: In Windows 2012/8 when a disk was considered as removable by Windows FileAudit was ignoring file access events on the concerned drive.
- Added: You can now filter events on several users (e.g. user1,user2,user3) and you can also exclude several users form the filter (e.g. *,-user1,-user2,-user3).
- Fixed: Problems in error management when configuring/checking/removing the NTFS audit.
- Improved: When the FileAudit service doesn't have administrative rights to a remote file server to audit, the GUI automatically switch to the impersonation accounts.
- Improved: Configured paths are automatically added to recent audited paths in the File access viewer.
- Added: A button to test SMTP settings in the E-mail Settings view.
- Added: A diagnostic tool to troubleshoot problems. The tool can be launched thanks the F12 key.
- Fixed: FileAudit could not audit remote File Servers that disallow access to the Service control manager.
- Fixed: If the NTFS audit was configured manually for everyone all accesses and the access was denied to FileAudit in a specific audited folder a lot of failure events could fill up the security log and slow down the computer.
- Fixed: The tool tip for the top 5 accessed files in statistics was truncated if the path was too long.
- Improved: The display speed of the main hub if the database is big.
- Added: Partial support of Windows cluster (Active/passive). The tool Drivename.exe needs to be executed on the active node each time the file system resource is switched to the other node and the FileAudit service needs to be restarted.
- Fixed: When a big scheduled report (More than 10 MB) was generated by the service, the GUI could hang and throw an exception.
- Fixed: The Event Cleaner was not working correctly when the execution was scheduled.
- Fixed: Exported CSV files with east asian characters were not correctly imported in MS Excel
- Fixed: File paths with more than 254 characters are truncated to avoid a database insertion error
- Fixed: When auditing a file server from a Windows XP/2003 computer some events may be lost in reason of an integer overflow
- Improved: The number of events displayed by the File Access Viewer is automatically limited to avoid out of memory and communication exceptions.
- Fixed: Permanent deletions done by Windows 8/2012 clients were not audited.
- Added: Community page
- Added: French localization (except help file and getting started guide)
- Added: The service regularly saves its configuration instead of doing it only when the service stops
FileAudit 4.0 RC
- Fixed: When editing an alert, removing/adding a recipient or modifying the mail template didn't enable the save button
- Fixed: When editing an alert or a scheduled report a red cross was displayed for the name
- Fixed: When all scheduled reports where deleted the scheduled task was not deleted
- Fixed: If and alert/scheduled report was already edited, adding a new alert/scheduled report was displaying settings of the previous alert/scheduled report
- Fixed: The SSL switch in the E-mail settings was not kept
- Fixed: The source filter was missing in the alert/scheduled reports settings
- Fixed: Applying a bad license key was making crash the application
- Fixed: The one shot cleaning was not working
- Modified: Each report has its own schedule.
- Fixed: Renaming a scheduled report was duplicating it
- Improved: Configuring the NTFS audit is done asynchroneously avoiding to make the interface hang when configuring the NTFS audit for a folder with a lot of subfolders and files in it
- Added: Ability to disable an alert
- Added: Ability to export file access events in a CSV file
- Added: Ability to send scheduled reports as raw data in a CSV file
- Added: Ability to test a scheduled report
FileAudit 4.0 beta 3
- Fixed: When the licensed is expired the FileAudit service was going to 100 % CPU and generating a big log file
- Fixed: If more than one recipient was specified in a scheduled report the mail could not be sent
FileAudit 4.0 beta 2
- Improved: The window is maximized if the screen resolution is less or equal than 1024*768
- Fixed: A mouse wheel problem after displaying the event cleaner and going back to the main hub
- Fixed: FileAudit was unable to retrieve access events from servers for which more than 4 billions events have already been generated in the security log
- Improved: Performance when the access event rate is high
- Fixed: Minor bugs in the interface
FileAudit 4.0 beta
- Added: FileAudit runs as a service to constantly monitor access events on file servers
- Added: The FileAudit service can be controlled remotely through a customizable TCP port
- Added: It is no longer needed to have administrative rights to use FileAudit. You can delegate audit tasks to non IT persons
- Added: Windows 2008/2008 R2/2012 servers can be monitored remotely in real time
- Added: For Windows 2008/2008 R2/2012 servers events of the security log are prefiltered on the server to avoid using much bandwidth
- Added: E-mail alerts can be triggered when specific access events occur (Access denied, file deletion,....)
- Added: Reports can be automatically generated at scheduled times and sent by E-mails.
- Added: New access events can be displayed in real time in the FileAudit console
- Added: New filter/group/sort/Search capabilities in the datagrid of the file access viewer
- Added: File access statistics can be displayed for a specific time frame
- Added: The event cleaner can display the size of the database if it is a MS Access database
- Added: New "Modern" interface (Windows 8)
For a comprehensive list of all new features please read the following document: What's new in FileAudit 4
FileAudit 4 can be installed side by side with the FileAudit 3 in order to use both versions simultaneously.
FileAudit 3 settings are automatically imported and any MS Access database used by FileAudit 3 will be automatically duplicated in the FileAudit 4 folder and upgraded.
For SQL server databases you need to duplicate the database by yourself and change the connection string in the FileAudit 4 settings.
- Fixed: When using FileAudit remotely the scan of the remote security log was sometimes very slow
- Improved: The error management when scanning the security log
- Fixed: When trying to remove the NTFS audit from a deleted file, FileAudit was entering in an endless loop.
- Fixed: Unselecting in the options the warnings when the object audit was not enabled or configured was not working
- Improved: Filter out access denied events to MS Office documents because the privilege SeSecurityPrivilege is not held (on Windows 2008 R2 only)
- Fixed: FileAudit was crashing if a path with more than 255 characters was specified as filter.
- Fixed: The Database Cleaner was not working.
- Fixed: The export in PDF in command line mode may generate an error in reason of a font problem.
- Added: Support of Windows Vista and Windows server 2008 object access events
- Added: Support of the Windows Vista and Windows server 2008 User Account Control
- Fixed: You could not invoke FileAudit from the explorer context menu in Windows Vista and Windows server 2008
- Added: Ability to manage the NTFS audit configuration on file and folders directly from FileAudit (Tools menu)
- Improved: FileAudit configure now the NTFS audit in order to minimize the number of events generated in the security log.
- Fixed: A problem while exporting a report with wide characters in PDF
- Fixed: Exported xls files were unreadable by MS Excel
- Added: Ability to filter out file accesses done by specific executables. You can exclude for example you backup program, or your anti-virus. Go in the Options to configure this.
- Added: Ability to filter out accesses to specific kind of files (e.g. temporary files with a TMP extension). Go in the Options to configure this.
- Fixed: The revoke license button was not working when the license dialog box was displayed during the startup of FileAudit (evaluation period expired).
- Improved: The administrator is notified (warning event or messagebox) if events have been lost since the last security log scan.
- Improved: The check of the object access audit
- Fixed: FileAudit was sometimes unable to check the NTFS audit configuration on files/folders
- Improved: Clusters are now managed with their virtual name and not with the name of their active node
- Fixed: The path filter was not working for shares at the root of a disk
- Added: Ability to change the logo in the report (tools menu-->Logo configuration).
- Improved: FileAudit only loads needed events from archives in order to display events faster and use less memory (a From time limit need to be set)
- Fixed: FileAudit was not displaying denied accesses to folders.
- Fixed: The title of the option sheet or the file access property sheet was indecipherable in some cases.
- Fixed: FileAudit was not able to check the NTFS audit configuration on mapped network drives.
- Improved: Error events are inserted in the event log if the scheduled scan fails for some computers.
- Added: The database cleaner allows to regularly remove old access events from the database.
- Fixed: The required ActiveX component comdlg32.ocx was not installed with the product.
- Removed: The ability to detect the difference between the file deletion and a file move or rename operation. The result was too random.
- Fixed: Line feeds were invalid in the CSV export
- Fixed: FileAudit didn't propose to configure the audit for local files and folders
- Fixed: A bug while configuring the NTFS audit on files or folders
- Fixed: During scheduled scans the NetBIOS name of the computer was not inserted in the database
- Added: The shell extension (FileAudit in the Windows explorer context menu) is now also available on x64 computers
FileAudit 3.0 beta 2
- Added: the help file was updated. The online version is available here
- Added: The license system was added. Existing customers covered by the maintenance can now ask for their new FileAudit 3 license key. The evaluation version will allow you to audit files on two computers during 30 days.
- Improved: FileAudit can now detect the difference between a file deletion and a file move/rename operation.
FileAudit 3.0 beta
- Added: Accesses can be displayed in a printable report
- Added: FileAudit can be used without the explorer but the explorer context menu still works.
- Added: All access events are kept in a database
- Added: The scan of security logs in order to automatically retrieve access events in the FileAudit database can be scheduled using the FileAudit options
- Added: Ability to apply an additional filter according to access type (read, write, delete...), the name of the user and a time range.
- Added: Reports can be generated automatically by saving a filter and by scheduling a batch using this filter.
- Added: If the NTFS audit is not configured on a file/folder to audit, FileAudit will propose to configure it automatically.
- Improved: Filter of useless access events (e.g for folders, only delete, permisions change and take ownership events are audited)
- Improved: If the same access event occurs several times in the same second FileAudit keeps only one event
- Improved: Better analysis of access events.
Important! With this new version FileAudit will be licensed according to the number of servers on which you want to audit file accesses.
- Fixed: FileAudit should now work for all kind of clusters or SAN disks
- Fixed: The event description was not correctly displayed on Windows 2003 servers
- Removed: The "From/Where" button because this feature doesn't work anymore on Windows 2000/2003 servers.
- Fixed: The FileAudit window was displayed in other cases that clicking FileAudit on the context menu. For example while opening a start menu folder.
In order to upgrade FileAudit you need to:- Uninstall the previous version- Logoff and logon again- Install the new version
- Added: Support of Windows 2003 servers
- Fixed: a bug when invoking FileAudit on the root of a disk or a share
- Fixed: a bug disallowing to display deleted files in some cases
- Improved: a warning message if the audit is not enabled on the server
- Improved: a warning message if the audit is not configured for the file or the folder
- Improved: a warning message if the security log is full
- Improved: a warning message if the user doesn't have administrative rights on the server
- Improved: In the status bar FileAudit displays the number of audit accesses for the current file or directory/the total number of audited accesses on the server
- Improved: If no object access audit events are found FileAudit displays a warning message in the status bar.
- Improved: Support of dynamic drives on Windows 2000/XP/.NET. For a remote monitoring on such computers you need first to execute the command line tools DriveName.exe locally (available in the FileAudit folder) or install FileAudit locally.
- Improved: Probably support of cluster and SAN (not yet tested). We are waiting for your feedback.