McAfee PASCDE-AB-IA Product Guide - Page 61
File versioning, Wildcard characters, File validation
View all McAfee PASCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 61 highlights
File Integrity Monitoring and entitlement reporting How file integrity monitoring works Wildcard characters Monitored and excluded paths and file names support the * and ? wildcard characters. The * wildcard character represents one or more characters and the ? wildcard represents a single character. You can choose to monitor a single file by typing the name of the file when you create a file integrity monitoring policy. By using wildcard characters, you can monitor files or paths of a specific type. For example, if you type ?:\Config for the path and *.txt for the file, McAfee Policy Auditor monitors all text files in the Config folder on all hard drives. You can exclude specific paths and files in a similar manner. File validation McAfee Policy Auditor does not validate the existence of files. It ignores paths or files that do not exist. File versioning McAfee Policy Auditor allows you to store up to six versions, including the file baseline, of text files from managed systems. The software does not support versioning for non-text files. NOTE: The actual text files are not stored in the software database. The database stores the text file contents for quick comparison purposes, even when the system is not connected to the network. When you create a policy, you have the opportunity to store file versions for comparison purposes. The number of file versions you can store ranges from 2 to 6. This number includes the baseline version. File versions are stored on a First In, First Out (FIFO) basis. For example, if you configure the software to store 3 versions, it stores the baseline version plus the two most recent versions. If the file changes, the oldest non-baseline file is purged to recover disk space by an internal server task that runs once a day by default. Configuring the maximum number of stored file versions When you create a file integrity monitoring policy, you can specify the maximum file size stored for each version with the Max versioned file size setting. The available settings range from 1 to 4 MB. For example, if you set Max versioned file size to 3 MB, the text in the file is stored when its size is less than or equal to 3 MB. If the file size exceeds 3 MB, the software alerts you with an error message. If you receive an error message, you can edit the policy so that it stores text from files as large as 4 MB. Configuring the maximum number of file integrity monitoring files You can configure how many versions of files are stored by the software. Use the Server Settings page to set the number of file versions stored by McAfee Policy Auditor. For more information, see Max number of FIM version files and Edit Server Settings in the Getting Started with McAfee Policy Auditor Software section. McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6 61