The following events are logged by this feature with the File Monitoring event category.

| Event ID | Event Description | Example |
|---|---|---|
| 12200 | A SHA-256 checksum change has been detected. | A SHA-256 checksum change has been detected:<br>Package: File Integrity System32 x64 File: C:\WINDOWS\system32\ntoskrnl.exe Old Checksum: B2728620F63488A32597DD97EA40F54460C55D97942748716051F60199C682F8 New Checksum: FE12E1FAEAE5DDF34A93128C7009B69EE88249E6B28BC3D279F2E37ADD3EDC52 Signed: Yes: SHA1 by NETIKUS.NET ltd on 6/15/2018 3:35:51 AM (COMODO RSA Code Signing CA)<br>The content of the above file has been modified. |
| 12201 | A file size change has been detected. | A file size change has been detected:<br>File: C:\WINDOWS\system32\MRT.exe Old Size: 12,619,736 byte(s) New Size: 13,511,640 byte(s) Change: +891,904 byte(s) |
| 12202 | A file has been added. | A file has been added to a monitored directory:<br>Directory: C:\WINDOWS\system32 File: C:\WINDOWS\system32\_000007_.tmp.dll Size: 14,640 byte(s) Checksum: 93BB82EB2786708ADD9F1538283658EE949AA79E658196F0386AD88FB61320B1 Signed: no Entropy: 7.23 Version: 3.12.00 |
| 12203 | A file has been deleted. | A file has been removed from a monitored directory:<br>Directory: C:\WINDOWS\system32 File: _003244_.tmp.dll Last size: 822,272 byte(s) Last checksum: FE2FE85EC553E8DFE0B04900EFE5BDA53F0F087730BDEBB95F681A0DF9900938 Last version: 3.12.00 |
| 12210 | A directory could not be monitored due to an error. | EventSentry was unable to monitor the directory C:\Files for changes due to the following error: Access Denied. The directory will not be monitored. |
| 12211 | A directory could not be monitored in real-time due to an error. | EventSentry was unable to associate the directory C:\Files with an existing I/O completion port due to error: Access Denied. The directory will not be monitored. |
| 12212 | A directory could not be opened / accessed due to an error. | EventSentry was unable to open the directory C:\Files due to error: Access Denied. The directory will not be monitored. |
| 12214 | A temporary file was upgraded from an earlier, deprecated version of EventSentry. | |
| 12215 | Indexing of all monitored directories started. | File monitoring will now index all monitored directories. This process can take several minutes, depending on the number of files and the performance of the computer. When complete, event 12216 will be logged. |
| 12216 | Indexing of all monitored directories is complete. | File monitoring has finished indexing all monitored directories. |
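
The messages in the Example column carry labelled fields whose values can themselves contain colons (drive letters, signature timestamps). The Python below is an added example, not EventSentry code: it splits a message at the labels shown on this page and flags 12200 and 12202 events for review. The function names and the entropy cut-off are assumptions, and how the event ID and message text are collected is left to the reader's log pipeline.

```python
import re

# Field labels exactly as they appear in the Example column on this page.
KEYS = ["Old Checksum", "New Checksum", "Last checksum", "Last version",
        "Last size", "Old Size", "New Size", "Directory", "Checksum",
        "Package", "Entropy", "Version", "Signed", "Change", "File", "Size"]
# Longest labels first so "Old Checksum" is never read as "Checksum".
KEY_RE = re.compile(r"\b(" + "|".join(sorted(KEYS, key=len, reverse=True)) + r"):\s")
# Assumption: illustrative cut-off on the 0-8 bits-per-byte scale, not a product default.
ENTROPY_THRESHOLD = 7.0

def parse_fields(message):
    """Cut the message at known labels only, so colons inside values survive."""
    hits = list(KEY_RE.finditer(message))
    fields = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(message)
        fields[m.group(1)] = message[m.end():end].strip()
    return fields

def byte_count(value):
    """Convert '12,619,736 byte(s)' or '+891,904 byte(s)' to an int."""
    return int(value.split()[0].replace(",", ""))

def triage(event_id, message):
    """Return the reasons (possibly none) an event deserves analyst review."""
    f = parse_fields(message)
    reasons = []
    signed = f.get("Signed", "").lower()
    if event_id == 12200 and not signed.startswith("yes"):
        reasons.append("checksum changed and file not reported as signed")
    if event_id == 12202:
        if signed == "no":
            reasons.append("unsigned file added")
        if float(f.get("Entropy", 0)) >= ENTROPY_THRESHOLD:
            reasons.append("high entropy (possibly packed or encrypted)")
    return reasons

# Sample input: the 12202 message from the Example column above.
SAMPLE_ADDED = (r"Directory: C:\WINDOWS\system32 "
                r"File: C:\WINDOWS\system32\_000007_.tmp.dll Size: 14,640 byte(s) "
                r"Checksum: 93BB82EB2786708ADD9F1538283658EE949AA79E658196F0386AD88FB61320B1 "
                r"Signed: no Entropy: 7.23 Version: 3.12.00")

if __name__ == "__main__":
    print(parse_fields(SAMPLE_ADDED))
    print(triage(12202, SAMPLE_ADDED))
```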