eG Monitoring
 

Measures reported by ScrtyFlMdfctnChcksTest

Monitoring files on Windows systems is critical for detecting suspicious activity. Organizations should keep track of changes to key files and folders and look for any file/folder activity that is suspicious or out of the ordinary. This is where the File/Folder Modifications Checks Test helps administrators. By closely monitoring the configured files, the ScrtyFlMdfctnChcksTest test reports the number of files/folders that were modified. An abnormal increase in the number of modified files is an indication of malware activity. By using this test, administrators can therefore proactively detect suspicious changes to files/folders before they become a potential security threat. The detailed diagnosis of this test provides additional details such as the file name and the time of last modification.

Outputs of the test: One set of results for the Windows host being monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| modfdFls | Indicates the number of files/folders that were modified during the last measurement period. | Number | Use the detailed diagnosis to find the file name, last modified time and previous and present checksum values. If the present checksum value has changed from the previous value, then it indicates modification of file/folder. |
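
The previous-versus-present checksum comparison behind modfdFls, sketched as an added example (this is not eG's code, and the function names are hypothetical). It assumes SHA-256 as the checksum, handles files only, counts a deleted file as a modification, and uses two constructed sample files.

```python
import hashlib
import os
import tempfile
from datetime import datetime

def checksum(path):
    """SHA-256 of a file (algorithm is an assumption), read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(paths):
    """Map each monitored path to its checksum; None if the file is absent."""
    return {p: checksum(p) if os.path.isfile(p) else None for p in paths}

def measure(previous, paths):
    """One measurement period: (modified count, diagnosis rows, new baseline)."""
    present = snapshot(paths)
    rows = []
    for p in paths:
        if previous.get(p) == present[p]:
            continue  # checksum unchanged, so the file is not counted
        mtime = None  # a deleted file has no modification time to report
        if present[p] is not None:
            mtime = datetime.fromtimestamp(os.path.getmtime(p)).isoformat()
        rows.append({"file": p, "last_modified": mtime,
                     "previous": previous.get(p), "present": present[p]})
    return len(rows), rows, present

def demo():
    """Run three periods over two constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        hosts, ini = os.path.join(d, "hosts.txt"), os.path.join(d, "app.ini")
        for path, text in ((hosts, "127.0.0.1 localhost\n"), (ini, "debug=0\n")):
            with open(path, "w") as fh:
                fh.write(text)
        paths = [hosts, ini]
        baseline = snapshot(paths)
        quiet, _, baseline = measure(baseline, paths)    # nothing touched
        with open(ini, "a") as fh:
            fh.write("debug=1\n")                        # content change
        changed, rows, baseline = measure(baseline, paths)
        os.remove(hosts)                                 # deletion
        removed, gone, baseline = measure(baseline, paths)
        return (quiet, changed, os.path.basename(rows[0]["file"]),
                removed, gone[0]["present"])

if __name__ == "__main__":
    print(demo())
```

Because the baseline is replaced after every period, each count reflects only the changes since the previous measurement, which is why a sudden jump stands out against earlier periods.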