McAfee PASCDE-AB-IA Product Guide - Page 60

File information monitored, File baselines, Monitored and excluded files



• Show a side-by-side comparison of file changes and indicate which lines have been added, deleted, or modified.

File information monitored

The file integrity monitoring feature of McAfee Policy Auditor tracks a number of file attributes. A change in an attribute generates an event notifying you of the change.

The monitored attributes differ between the various supported operating systems. The software monitors these attributes on all operating systems:

• File size (in bytes)
• File created (date and time)
• Last modified (date and time)
• Read only
• Hidden
• System
• Owner
• Group

On Windows systems, the software monitors these attributes plus the Archive attribute and permissions from the Discretionary Access Control List (DACL).

File baselines

When you create and apply a policy, the agent plug-in scans the file to create a baseline. The baseline contains information about the file attributes, and contains the file text if file versioning is enabled.

If the file is changed, the software generates an event that is logged to the File Integrity Monitor page, included in reports, and can be handled by the issues and tickets feature of ePolicy Orchestrator software.

McAfee Policy Auditor software monitors the MD5 and SHA-1 hashes of a file as well as the file attributes and permissions information. These values are stored in a database that is created on each system and on the software server.

Each time the file is scanned, the software compares its configuration to the baseline. When the file or an attribute changes, the agent plug-in detects the change and sends an event back to the server according to the monitoring frequency. If versioning is enabled, the text file contents are sent to the server as well.
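
The baseline-and-compare cycle described above, as an added Python example (not McAfee Policy Auditor code; the function names and the sample file are assumptions constructed for illustration). It records a subset of the listed attributes plus MD5 and SHA-1 digests, and shows that a same-size edit with the modification time restored is still reported through the hashes.

```python
import hashlib
import os
import tempfile

HASHES = ("md5", "sha1")  # the two digests the page says are monitored


def snapshot(path):
    """Record the attributes and hashes that make up one file's baseline."""
    st = os.stat(path)
    record = {
        "size": st.st_size,
        "modified": st.st_mtime_ns,
        "owner": st.st_uid,
        "group": st.st_gid,
        "read_only": not (st.st_mode & 0o222),
    }
    with open(path, "rb") as fh:
        data = fh.read()
    for name in HASHES:
        record[name] = hashlib.new(name, data).hexdigest()
    return record


def compare(baseline, current):
    """Return one event per attribute whose value differs from the baseline."""
    return [
        {"attribute": key, "baseline": baseline[key], "current": current[key]}
        for key in baseline
        if baseline[key] != current[key]
    ]


def demo():
    """Constructed sample: same-size edit, modification time put back."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.conf")  # hypothetical monitored file
        with open(path, "w") as fh:
            fh.write("audit=enabled \n")
        baseline = snapshot(path)
        st = os.stat(path)
        with open(path, "w") as fh:
            fh.write("audit=disabled\n")  # same length as the original
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return sorted(e["attribute"] for e in compare(baseline, snapshot(path)))


if __name__ == "__main__":
    print(demo())
```

Size, timestamp, owner and group all match the baseline in this constructed case, so the content hashes are the only values that raise an event.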

Reset file baselines

You can create a new baseline for all monitored files on a system from the Systems tab of the File Integrity page. You can also accept file integrity monitoring events, which creates a new baseline for the selected file and discards old baseline versions.

Monitored and excluded files

You can create a policy to monitor file changes on a regular schedule. The interface allows you to specify files to monitor and files to exclude from monitoring. It also provides the capability to monitor subfolders under each specified path and to monitor symbolic links.

File Integrity Monitoring and entitlement reporting
How file integrity monitoring works
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6