File Sight Endpoint Queries

sysit 6
Viewed 0

Hi, new to PA File Sight, and using File Sight Ultra, and the Endpoint Agents across a small number of clients.

From the FAQ: https://www.poweradmin.com/help/pa-file-sight-8-0/monitor_filesight-file-tracker.aspx It states: "However, once a file arrives on the client's computer, the server-based File Sight monitor can't see what is happening. Is the file being copied to a thumb drive? Opened in Word? Sent via Email? The File Sight Endpoint helps answer those questions."

Can somebody better explain how I can monitor and/or report on what's happening to files on client computers. I'm looking for reports showing files sent by email in particular.

Thank you.

endpoint filesight email
1 Answers

Hi Sysit -

Normally when you get alerts or see reports, you'll see the server's view of the file action. Meaning you'd see (for example):

User: James 
Operation: Read 
File: D:\Server_Files\Payroll.xls 
Date: Mar 23, 2020 
IP Addr: 192.168.0.4 
Computer: JAMES-PC

When the Endpoint is installed and running you get the same information as above, plus the view of the activity on the user's computer, so it will add:

Local-User: James 
Local Process: Excel.exe

If the user saves files from Excel.exe you'll be told about that (in the case of Excel.exe it might not matter, but if 7zip.exe read the file and then wrote a file out, you could assume the file was zipped).

This page shows some more details:

https://www.poweradmin.com/products/file-sight/product-information/information-leak-protection/

Doug1126
Related