Associate a File Integrity Monitor Policy With an Agent
You must be logged in as an Administrator to take this action.
In the System Monitor Agent Properties dialog box, the Endpoint Monitoring tab contains the File Integrity Monitor sub-tab. On this tab you assign FIM polices to the agent and tab to enable monitoring for that agent and to assign FIM policies.
- On the main toolbar, click Deployment Manager.
- Click the System Monitors tab.
- Double-click an agent to display the System Monitor Agent Properties dialog box.
- Click the Endpoint Monitoring tab, and then click the File Integrity Monitor sub-tab.
- Select the Enable File Integrity Monitor check box.
- Select Standard or Realtime monitoring.
In Standard mode, and if User Activity Monitor is enabled, you can select the Include User Activity Monitor Data (Requires UAM) option. When enabled, user log on information is included in the FIM logs. This option is disabled by default.
In Realtime mode, you can select the Enable Realtime Mode Anomaly Detection option. If an active FIM Policy is monitoring for Modify events, the Realtime FIM engine recomputes the hash for monitored items after every Modify. If Realtime Mode Anomaly Detection is enabled, the Realtime FIM engine recomputes the hash for each file once every 24 hours. If the hash value has changed since it was last computed, FIM generates a "missed" modify event (MissedModifyAnomalyEvent). If you're monitoring for READ, it will report that when an application reads the file, but will not recompute the hash for that event.
Standard and Realtime FIM are included with the System Monitor Lite license for desktop operating systems only. Server operating systems require System Monitor Pro or Collector. For more information about specific operating system support, see the Realtime File Integrity Monitor (FIM) Support by Operating System.
In the Policy list, select one or more policies to apply to the agent.
The policies are applied consecutively. Each selected policy is applied to the agent.
(Optional) To display the Directories Monitored With Selected Policies window, click Preview. This windows displays the directories and files being monitored by the selected policies. To close the window, click OK.
To associate the policies to the Agent, click Apply, and then click OK to close the dialog box.