Audit > File Access
Show me an explanation of the items on this page.
The Agent can protect any file on client machines from unauthorized access by a rogue application or user. Any application can be approved or denied access to the file. Additionally, specifying "Ask user to approve unlisted" opens a dialog box and asks the user to approve the application accessing the file. This method effectively learns which applications to approve or deny as you go.
The file can be referenced by file name and/or a portion of the full path. For example, adding a file named protectme.doc to the list, protects on occurrences of protectme.doc in any directory on any drive. Adding myfolder\protectme.doc protects all occurrences of the file in any directory named myfolder.
Note: You may also block operating system access to the protected file. This prevents the file from being renamed, moved, or deleted therefore completely locking down the file from tampering.
Note: Granting access to explorer.exe and/or cmd.exe allows operating system access to a file.
Add
To protect a file from access by rouge applications, enter the filename and click the add button. This open a new dialogue window into which you can select applications to approve for access to that file.
Note: The Browse... button is there solely for your convenience in quickly finding a file path. It can not browse the file system on a remote machine.
The dialog presents the user with one of the following options:
Filename to access control - Spot to edit the path to the controlled file
New... - Add in a new application to give access to this file. You can manually enter the application or use the Search... button to select an application from the audit list.
Remove - Removes an application from the approved access list
Ask user to approve unlisted - Lets users approve/deny access to the file on a per application basis each time a new application tries to access that file. Use this feature to build up an access control list based on normal usage.
Deny all unlisted - Automatically blocks an application from accessing the file. Select this option if you are already sure of which files need access and which do not.
Delete
Remove an application from the protection list by clicking the Delete button. This opens a new dialog box listing all protected files for the selected machine IDs. You can remove files from just the selected machine or from all machines containing that file path.
Explanation of items on this page
The following elements are displayed in the File Access function:
Machine.Group ID
List the Machine ID of all machines that match the Specify Accounts filter. Each Machine ID is a link. Clicking the machine ID name displays the list of applications found by audit for that machine ID. Use this to quickly browse for application names on to approve or deny file access to.
Filename
Filename of the file to be protected. Click the Edit icon next to any filename to change the path for that filename.
Approved Apps
List of all applications protected for each machine ID.
Ask User Approval
Check mark appears if Ask user to approve unlisted is set for this machine ID.
Check-in status
The check-in status of the machines shown in the client machine list is indicated by the icon shown to the left of the client machine ID. The icons and their status are as follows:
Agent has checked in
Agent has not recently checked in
Agent has never checked in