FileAudit

A data surveillance product that functions via an administration console installed on a computer running Microsoft Windows.

FileAudit monitors, archives and reports the access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems. It will help you to know when someone deletes, reads, writes, changes permissions or takes the ownership on critical files located on a server share.

Key Features:

• Real-Time Monitoring: Monitor, in real time, access (or access attempts) to sensitive files and folders stored on Windows systems (read/write/delete accesses, file ownership changes, permission modifications, attribute changes, etc.).
  
• Automatic Email Alerts: Set up E-mail alerts for predetermined access events (access denied - file deletion - a specific user, machine or IP address - time of access - and mass access events such as the copy, deletion or movement of bulk files).
  
• File Server Intelligence: Schedule recurrent email delivery of reports customised according to multiple criteria (path, file type, access type, IP source address, machine name, etc.) for auditing and regulatory compliance.
  
• Delegation to Non-IT: Create specific accounts for people with no administrative rights (external auditors, non-IT executives, etc.), allowing them to perform audits securely and autonomously.

FileAudit - Features

Using FileAudit

To monitor access to your organizations data, standard Microsoft systems only propose manual event log analysis. This very limited functionality leaves administrators having to decrypt hundreds or even thousands of events, attempting to retrieve those of interest; and therefore generates endless hours of non value added work as well as the risk of error or overlook.

On the other hand, with a simple right click in Windows explorer or from the console; FileAudit instantly gives an error ridden and comprehensive list of:

• read/write accesses
• appropriation attempts (accepted or denied)
• permission modification attempts (accepted or denied)

each record detailing:

• the user
• the domain
• the date and time of connection and disconnection

for:

• a file
• a selection of files
• a folder and subfolders
• a selection of folders and subfolders

and gives you a very simple and efficient way of controlling the use made of your organizations sensitive and confidential data.

How does FileAudit work?

FileAudit is an administration console to be installed on a computer running Windows NT4, 2000, 2003 or XP. The Audit object access needs to be enabled on the computers storing the files and folders to be analyzed. No extra installation or agent deployment is necessary as all the actions are made using the files and folders context menus. FileAudit can be used:

• from Windows explorer, as FileAudit is added to the file's and folder's context menu
• with its own console

one only needs to:

• select a file, a group of files, a folder or a group of folders in the explorer, right-click and select FIleAudit
• Select the file(s) or folder(s) in FileAudit's console

to instantly display all access attempt information

Why buy FileAudit?

Using FileAudit in your environment will bring you the following advantages:

• security for your confidential and sensitive data
• eradication of the workload related to data surveillance
• help toward your information systems compliance as to multiple international regulations and standards (HIPAA,
• Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799)
• simplicity of use: context menu, agentless solution
• efficiency: instant display, multiple selections

FileAudit Features

Instant surveillance
From its own console or with a simple right click in Windows explorer; FileAudit instantly displays for:

• a file
• a selection of files
• a folder and subfolders
• a selection of folders and subfolders

the list of:

• read/write accesses
• file deletion attempts (accepted or denied)
• appropriation attempts (accepted or denied)
• permission modification attempts (accepted or denied)

each record detailing:

• the user
• the domain
• the date and time of connection and disconnection

Access event archiving
FileAudit can be scheduled to automatically archive into a database, at regular intervals, the access events occurring on one or more systems for permanent storage.

Audit and reporting
FileAudit can display file/folder access history in a printable report that can be scheduled to run automatically.

FileAudit can also export the generated results in ASCII format, allowing their use in view of an audit or for subsequent analysis and control.

Ease of Use

• Elimination of all duplicated, irrelevant and pseudo events, rendering analysis a lot easier and sparing backup disk space
• Ability to add display filters: accepted or denied access, type of access (read, write, delete, ...), user account, time frame, etc...
• Quick access to the latest files/folders audited
• Automatic configuration of the Windows audit on files/folders with default audit values

Non-intrusive technology
FileAudit is an agentless solution and only uses standard Windows APIs.

FileAudit 3.03

• Added: Support of Windows Vista and Windows server 2008 object access events
• Added: Support of the Windows Vista and Windows server 2008 User Account Control
• Fixed: You could not invoke FileAudit from the explorer context menu in Windows Vista and Windows server 2008
• Added: Ability to manage the NTFS audit configuration on file and folders directly from FileAudit (Tools menu)
• Improved: FileAudit configure now the NTFS audit in order to minimize the number of events generated in the security log.
• Fixed: A problem while exporting a report with wide characters in PDF
• Fixed: Exported xls files were unreadable by MS Excel
• Added: Ability to filter out file accesses done by specific executables. You can exclude for example you backup program, or your anti-virus. Go in the Options to configure this.
• Added: Ability to filter out accesses to specific kind of files (e.g. temporary files with a TMP extension). Go in the Options to configure this.

Back to top

FileAudit - System Requirements

Operating system
Windows 2008
Windows Vista
Windows XP
Windows 2003
Windows 2000
Windows NT 4

File system
NTFS