This feature lets you monitor any suspicious activity related to the confidential files on your computer, local drive, or a removable drive. By default, all files are monitored; you can select the file types and folder paths that you want to exclude from monitoring.
You can exclude the selected file types and folder paths from monitoring actions such as copy, delete, or extension change. Copy action on the local drive is not supported.
You can generate a report for the file activity from the Reports page.
The File Activity Monitor feature is available on clients running Windows and Mac operating systems.
To configure policy for File Activity Monitor, follow these steps:
- Create a Container/feature policy for File Activity Monitor.
- Enable File Activity Monitor with the toggle switch.
- Select the location: Removable Drive and/or Local Drive. By default, Removable Drive is selected.
- Select the event check boxes, Copy, Delete, or Extension Change, for each drive. By default, the Copy event for the Removable Drive is selected. Only copy operations to a Removable Drive are monitored.
- In the Exclude File Extensions section, do the following.
By default, the Use from Configurations -> File Activity Monitor check box is selected. So, the list of extensions that are added on the Configurations -> File Activity Monitor page is excluded.
The list of extensions that are already added on this page is displayed.
- If you want to add custom extensions on this page, clear the Use from Configurations -> File Activity Monitor check box.
- Enter the extension in the Enter Extension text box, and then click Add.
The file extension should be written without a dot in the following format: xml, html, zip, etc.
The extension is added to the list.
If you want to remove the extension from the list, click the Delete button which appears when you click the list entry.
- In the Exclude Folders section, do the following.
By default, the Use from Configurations -> File Activity Monitor check box is selected. So, the list of folders that are added on the Configurations -> File Activity Monitor page is excluded.
The list of folders that are already added appears.
- If you want to add custom folders on this page, clear the Use from Configurations -> File Activity Monitor check box.
- Enter the folder path that you want to exclude, for example, C:\Thirtyseven4 EDR Security, in the Folder Path text box, and then click Add.
For Mac OS, use only forward slash (/) in the folder path. Example: /Users/Admin/ExcludeList.
You can also add a path such as %Windir%, which is supported by Windows OS.
To remove the folder path from the list, click the Delete button which appears when you click the list entry.
Note
After adding custom extensions/folders, if you select the Use from Configurations -> File Activity Monitor check box, the custom extensions/folders you have added will be overwritten or lost. You can use either the list from the Configurations page or the list added on this page, not both.
- To save your settings, click Save Policy.
You can delete the default excluded files and folders from the individual policies.
If the exclusion list in Configurations -> File Activity Monitor is updated, the changes will be reflected in the respective FAM policy, when the Use from Configurations -> File Activity Monitor check box is selected.
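Every exclusion is a monitoring blind spot, so it helps to review a proposed list before entering it in the console. The following Python sketch is an added example, not part of the product or its documentation: it checks entries against the format rules stated above (extension without a dot, forward slashes only on Mac, `%Windir%`-style variables on Windows) and lists which sample file paths would go unmonitored. The function names, the `SAMPLE_ENV` values, and the matching rule in `hidden_events` (case-insensitive extension match, or a file located under an excluded folder) are assumptions made for illustration.

```python
import ntpath
import re

# Constructed stand-in for an endpoint's environment; real values vary per host.
SAMPLE_ENV = {"WINDIR": r"C:\Windows"}

def lint_extension(entry):
    """Return (normalized, problems) for one Exclude File Extensions entry."""
    ext, problems = entry.strip(), []
    if ext.startswith("."):
        problems.append("remove the leading dot")
        ext = ext.lstrip(".")
    if not ext or re.search(r"[\\/*?\s]", ext):
        problems.append("not a bare extension such as xml, html, zip")
    return ext.lower(), problems

def lint_folder(entry, platform, env=SAMPLE_ENV):
    """Return (expanded path, problems) for one Exclude Folders entry."""
    path, problems = entry.strip(), []
    if platform == "mac":
        if "\\" in path:
            problems.append("use only forward slashes on Mac")
        if not path.startswith("/"):
            problems.append("not an absolute path")
        return path.rstrip("/") or "/", problems
    def expand(match):  # resolve %VAR% so the reviewer sees the real folder
        name = match.group(1).upper()
        if name not in env:
            problems.append("unknown variable %" + match.group(1) + "%")
        return env.get(name, match.group(0))
    path = re.sub(r"%([^%]+)%", expand, path)
    if not ntpath.splitdrive(path)[0]:
        problems.append("no drive letter after expansion")
    return ntpath.normpath(path), problems

def hidden_events(paths, extensions, folders):
    """Windows paths that would go unmonitored under the assumed matching rule."""
    exts = {e.lower() for e in extensions}
    roots = [ntpath.normcase(f).rstrip("\\") + "\\" for f in folders]
    hidden = []
    for p in paths:
        norm = ntpath.normcase(ntpath.normpath(p))
        ext = ntpath.splitext(norm)[1].lstrip(".")
        if ext in exts or any(norm.startswith(r) for r in roots):
            hidden.append(p)
    return hidden
```

Running `hidden_events` over a sample of recent file paths from an endpoint shows how much activity a broad entry such as `zip` or `%Windir%` would remove from the File Activity Monitor report.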