
Event Log

The following events are logged by this feature with the File Monitoring event category.

 

Event ID

Event Description

Example

12200

A SHA-256 checksum change has been detected.

A SHA-256 checksum change has been detected:

 

Package:  File Integrity System32 x64

File: C:\WINDOWS\system32\ntoskrnl.exe

Old Checksum: B2728620F63488A32597DD97EA40F54460C55D97942748716051F60199C682F8

New Checksum: FE12E1FAEAE5DDF34A93128C7009B69EE88249E6B28BC3D279F2E37ADD3EDC52

Signed: Yes: SHA1 by NETIKUS.NET ltd on 6/15/2018 3:35:51 AM (COMODO RSA Code Signing CA)

Entropy: 6.53

 

The content of the above file has been modified.

12201

A file size change has been detected.

A file size change has been detected:

 

File: C:\WINDOWS\system32\MRT.exe

Old Size: 12,619,736 byte(s)

New Size: 13,511,640 byte(s)

Change: +891,904 byte(s)

12202

A file has been added.

A file has been added to a monitored directory:

 

Directory: C:\WINDOWS\system32

File: C:\WINDOWS\system32\_000007_.tmp.dll

Size: 14,640 byte(s)

Checksum: 93BB82EB2786708ADD9F1538283658EE949AA79E658196F0386AD88FB61320B1

Signed: no

Entropy: 7.23

Version: 3.12.00

12203

A file has been deleted.

A file has been removed from a monitored directory:

 

Directory: C:\WINDOWS\system32

File: _003244_.tmp.dll

Last size: 822,272 byte(s)

Last checksum: FE2FE85EC553E8DFE0B04900EFE5BDA53F0F087730BDEBB95F681A0DF9900938

Last version: 3.12.00

12210

A directory could not be monitored due to an error.

EventSentry was unable to monitor the directory C:\Files for changes due to the following error: Access Denied. The directory will not be monitored.

12211

A directory could not be monitored in real-time due to an error.

EventSentry was unable to associate the directory C:\Files with an existing I/O completion port due to error: Access Denied. The directory will not be monitored.

12212

A directory could not be opened / accessed due to an error.

EventSentry was unable to open the directory C:\Files due to error: Access Denied. The directory will not be monitored.

12214

A temporary file was upgraded from an earlier, deprecated version of EventSentry.


12215

Indexing of all monitored directories started.

File monitoring will now index all monitored directories. This process can take several minutes, depending on the number of files and the performance of the computer. When complete, event 12216 will be logged.

12216

Indexing of all monitored directories is complete.

File monitoring has finished indexing all monitored directories.
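
A triage sketch for the 12200 and 12202 message bodies shown above, added here as an example and not EventSentry's own code: it parses the "Name: value" lines and returns the reasons an event deserves a closer look. The entropy threshold and the extension list are assumptions, not product settings.

```python
import re

# "Name: value" lines; splitting on the first colon keeps "C:\..." paths intact.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*\S)\s*$")
ENTROPY_THRESHOLD = 7.0  # assumed triage cut-off, not an EventSentry setting
EXECUTABLE_EXT = (".dll", ".exe", ".sys")  # assumed list of interesting types

# Message bodies abridged from the 12200 and 12202 examples on this page.
SAMPLE_12200 = r"""A SHA-256 checksum change has been detected:
Package: File Integrity System32 x64
File: C:\WINDOWS\system32\ntoskrnl.exe
Signed: Yes: SHA1 by NETIKUS.NET ltd on 6/15/2018 3:35:51 AM (COMODO RSA Code Signing CA)
Entropy: 6.53
"""
SAMPLE_12202 = r"""A file has been added to a monitored directory:
Directory: C:\WINDOWS\system32
File: C:\WINDOWS\system32\_000007_.tmp.dll
Size: 14,640 byte(s)
Signed: no
Entropy: 7.23
Version: 3.12.00
"""


def parse_event(message):
    """Split an event message body into a dict keyed by lower-cased field name."""
    fields = {}
    for line in message.splitlines():
        m = FIELD_RE.match(line)
        if m:  # the heading line ends in ":" with no value, so it is skipped
            fields[m.group(1).strip().lower()] = m.group(2)
    return fields


def triage(event_id, message):
    """Return the reasons (possibly none) to prioritise this event for review."""
    f = parse_event(message)
    reasons = []
    if event_id in (12200, 12202) and "signed" in f and not f["signed"].lower().startswith("yes"):
        reasons.append("unsigned")
    try:
        if float(f.get("entropy", "")) >= ENTROPY_THRESHOLD:
            reasons.append("high entropy")
    except ValueError:
        pass  # events such as 12201 and 12203 carry no Entropy field
    if event_id == 12202 and f.get("file", "").lower().endswith(EXECUTABLE_EXT):
        reasons.append("new executable in monitored directory")
    return reasons
```

An empty result only means none of these heuristics fired; a checksum change on a system binary still warrants correlation with patch activity.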