Hi,
We have recently purchased Netwrix for our purposes, and we are slowly configuring it. I receive daily reports for file server activity, and I noticed a lot of auditing for file access from specific processes, as given below
Posted 04 July 2017 - 07:52 PM
Hi,
We have recently purchased Netwrix for our purposes, and we are slowly configuring it. I receive daily reports for file server activity, and I noticed a lot of auditing for file access from specific processes, as given below
Posted 05 July 2017 - 01:57 PM
Hello,
You should be able to just use the omitstoreprocesslist.txt in C:\Program Files (x86)\Netwrix Auditor\File Server Auditing
Syntax: Monitoring plan name,resource path,executable path
Example: Production Servers,\\\\productionserver1.corp.local\\builds\\releases\\*,*wordpad.exe
*,*,*fsdmhost.exe
*,*,*svchost.exe
-Jeff
Posted 05 July 2017 - 09:13 PM
Hello,
Thank you for the reply.
Now it is clear to me for the processes, but how to exclude users like: domain\servername$, or any other user which may run backup or any other process.
Thank you
Posted 07 July 2017 - 01:00 PM
This can be done with the omitstorelist.txt option.
Syntax: Monitoring plan name,Change Type,who changed,resource type,resource path,property name
Example: *,,CORP\\jsmith,*,*,
As seen in section 10.2.5. Exclude Data from File Servers Auditing Scope starting on page 127 of the Netwrix Auditor Administration Guide https://www.netwrix....rator_Guide.pdf
-Jeff
Change and Access Auditing Tools →
Netwrix Auditor for Windows File Servers Free Community Edition →
Community Edition LimitationsStarted by rmit16 , 28 May 2019 ![]() |
|
![]()
|
||
Change and Access Auditing Tools →
Netwrix Auditor for Windows File Servers Free Community Edition →
Change Working Folder locationStarted by rmit16 , 23 May 2019 ![]() |
|
![]()
|
||
Change and Access Auditing Tools →
Netwrix Auditor for Windows File Servers Free Community Edition →
Audit Database ErrorStarted by maestro , 10 Apr 2019 ![]() |
|
![]()
|