Navigation:  Monitoring with EventSentry > System Health Monitoring > File Change Monitoring >

Event Log

 Top  Previous  Next

The following event log records are be logged by this feature with the File Monitoring category:

 

Event Log 32 n t

Event ID

Event Description

Example

12200

A SHA-256 checksum change has been detected.

A SHA-256 checksum change has been detected:

 

File: C:\WINDOWS\system32\ntoskrnl.exe

Old Checksum: B2728620F63488A32597DD97EA40F54460C55D97942748716051F60199C682F8

New Checksum: FE12E1FAEAE5DDF34A93128C7009B69EE88249E6B28BC3D279F2E37ADD3EDC52

 

The content of the above file has been modified.

12201

A file size change has been detected.

A file size change has been detected:

 

File: C:\WINDOWS\system32\MRT.exe

Old Size: 12,619,736 byte(s)

New Size: 13,511,640 byte(s)

Change: +891,904 byte(s)

12202

A file has been added.

A file has been added to a monitored directory:

 

Directory: C:\WINDOWS\system32

File: C:\WINDOWS\system32\_000007_.tmp.dll

Size: 14,640 byte(s)

Checksum: 93BB82EB2786708ADD9F1538283658EE949AA79E658196F0386AD88FB61320B1

12203

A file has been deleted.

A file has been removed from a monitored directory:

 

Directory: C:\WINDOWS\system32

File: _003244_.tmp.dll

Last size: 822,272 byte(s)

Last checksum: FE2FE85EC553E8DFE0B04900EFE5BDA53F0F087730BDEBB95F681A0DF9900938