|
On the monitored Filesystems we see multiple Fileisight_Audit_TEST_FILE_XX.TXT Files with the content: This files is a test file periodically written by PA File Sight to ensre the system sees this file write and delete come trough. This file is created ... What could be the reason these files in some cases don't seem to be deleted? Can this feature of creating and deleting files somewhere be deactivated? Thank you for your help. Lukas |
|
Hi Chris, The main reason for that check is File Sight can only see activity going to local drives, and sometimes people try to monitor a mapped drive which doesn't work, so the main thing is to ensure that it is a local drive and not a mapped drive. Having said that, there is an update in the 8.5 Preview build that takes the additional step of ensuring the drive is attached to the monitoring driver whenever this alert happens. You can get that build from: https://www.poweradmin.com/products/file-sight/downloads/preview/ Finally, if everything seems to be working well for the monitoring you can turn off those internal checks by changing a registry setting. HKLMsoftwarePAFileSight FileSight_DoAuditTestFileIO = 0 Please let me know if you have any questions. Thanks Please make sure to mark your questions accepted when you have your answer by clicking the gray checkmark to the left of the answer. |
