Table of Contents
Advertisement
File Integrity Monitoring and entitlement reporting
How file integrity monitoring works
Wildcard characters
Monitored and excluded paths and file names support the * and ? wildcard characters. The *
wildcard character represents one or more characters and the ? wildcard represents a single
character.
You can choose to monitor a single file by typing the name of the file when you create a file
integrity monitoring policy. By using wildcard characters, you can monitor files or paths of a
specific type. For example, if you type
for the path and
for the file, McAfee Policy
?:\Config
*.txt
Auditor monitors all text files in the
folder on all hard drives. You can exclude specific
Config
paths and files in a similar manner.
File validation
McAfee Policy Auditor does not validate the existence of files. It ignores paths or files that do
not exist.
File versioning
McAfee Policy Auditor allows you to store up to six versions, including the file baseline, of text
files from managed systems. The software does not support versioning for non-text files.
NOTE:
The actual text files are not stored in the software database. The database stores the
text file contents for quick comparison purposes, even when the system is not connected to the
network.
When you create a policy, you have the opportunity to store file versions for comparison purposes.
The number of file versions you can store ranges from 2 to 6. This number includes the baseline
version.
File versions are stored on a First In, First Out (FIFO) basis. For example, if you configure the
software to store 3 versions, it stores the baseline version plus the two most recent versions.
If the file changes, the oldest non-baseline file is purged to recover disk space by an internal
server task that runs once a day by default.
Configuring the maximum number of stored file versions
When you create a file integrity monitoring policy, you can specify the maximum file size stored
for each version with the Max versioned file size setting. The available settings range from 1
to 4 MB.
For example, if you set Max versioned file size to 3 MB, the text in the file is stored when its
size is less than or equal to 3 MB. If the file size exceeds 3 MB, the software alerts you with an
error message. If you receive an error message, you can edit the policy so that it stores text
from files as large as 4 MB.
Configuring the maximum number of file integrity monitoring files
You can configure how many versions of files are stored by the software. Use the Server Settings
page to set the number of file versions stored by McAfee Policy Auditor. For more information,
see Max number of FIM version files and Edit Server Settings in the Getting Started with McAfee
Policy Auditor Software section.
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6
61
Advertisement
Table of Contents
