ManageEngine FileAudit Plus License

  • Technical Support
  • Last updated on: 30 Dec 2017

FileAudit Plus

Real-time Windows file server auditing and analysis software

FileAudit Plus is a tool that allows real-time monitoring, reporting, and alerting of all the changes made to files and folders on your Windows file server. Additionally, it provides a detailed analysis of file storage and access attempts. It helps improve data security and information management in your Windows file server environment, so you can meet compliance requirements in a comprehensive yet simple and cost-effective way.

Audit and analyze file and folder access

Auditing Windows file servers

Windows file servers contain critical information that requires protection. That’s why file server auditing is imperative for any organization. By auditing all file and folder-related events, you can ensure file server security while meeting compliance requirements.

While native auditing can provide information regarding who accessed what, when, and from where, sifting through volumes of event logs is cumbersome. Circumvent this time-consuming process with the use of a real-time Windows file server auditing tool like FileAudit Plus.

5 elements that make FileAudit Plus a comprehensive Windows file server auditing and analysis tool


  1. Track every single access and change occurring in the file server with the Access Audit report. The reports included under the Access Audit report are:
    • Content and location change events: Track all file and folder events such as create, modify, overwrite, move, restore, rename, and delete events.
    • Security permission change events: Monitor file and folder permissions, owner and SACL changes, and identify unauthorized changes.
    • All failed attempts: Monitor failed attempts to read, write, or delete a file or folder.
    • Read-only events: Track events where a file or folder was accessed but not changed.
  2. Get complete visibility into everything happening in the file server with an extensive list of event details, including: server name, accessed by, time modified, location, share path, process name, last write time, creation time, and last access time.
  3. Drill down into specific events occurring in the file server using built-in filters based on identifiers such as: server, share, user, business or non-business hours, and more. Create customized reports by saving applied filters.
  4. Quickly understand what’s going on in the file server by viewing the graphical representation of all events. Events are grouped by: top 5 users, top 5 processes, and access type.
  5. detect-access-trends-thumb

    Detect access trends with the Access Analysis report. Get a summary view of what’s happening in the file server with the following sub-reports: most accessed files, most modified files, most accesses by process, most accesses by user, files accessed after N days, and files modified after N days (where N is defined by the user).

You can also utilize the following features:

  • Automate email delivery of reports at specified time intervals.
  • Export reports to multiple formats, such as CSV, XLS, PDF, or HTML.
  • Quick search by inputting any attribute value related to a specific event under reports.
  • Define an open-ended time range for reports.


Windows file integrity monitoring with FileAudit Plus

Combat savvy hackers, sudden malware outbreaks, and challenging regulatory mandates using FileAudit Plus, our file integrity monitoring software. This state-of-the-art tool also helps generate actionable reports, deliver severity-based alerts, streamline compliance requirements, spot indicators of compromise, and in short, strengthens your organization’s security.

Key benefits of File integrity monitoring with FileAudit Plus

Get real-time alerts

Thwart potential threats right at their inception using real-time monitoring that triggers instantaneous alerts, reducing the time between the onset and detection of malware.

Spot anomalies

Detect and respond to sudden spikes in file access or divergent file modifications using automated responses.

Meet regulatory mandates

File integrity monitoring helps address many of the critical compliance requirements mandated by regulations such as PCI DSS, HIPAA, FISMA, SOX, and NERC.

Combat malware

When FileAudit Plus detects a malware infection, it triggers an alert that signals the tool to automatically carry out tasks users have defined in advance, stopping any threat in its tracks.

Gain deeper insights

Focus on what matters by selectively monitoring critical files, folders, or even users to effectively pinpoint any unauthorized changes to files.

Perform forensic analysis

Identify the root cause of security incidents faster using actionable, accurate forensic data, and generate clear concise audit records as legal evidence.


Use FileAudit Plus to swiftly detect threats and automatically respond to incidents

  • Detect ransomware with real-time mass access alerting.
  • Trigger alerts the very instant ransomware starts encrypting your files.
  • Quarantine ransomware with customizable and automated response system.
  • Shut down infected devices to instantly halt the spread of ransomware.
  • View in-depth details of events for further investigation.

FileAudit Plus is a real-time change monitoring and alerting tool for Windows file systems. Since it uses dedicated agents to monitor files continuously, FileAudit Plus has the ability to detect file changes the very instant they happen. This tool offers two important features which play a critical role in detecting and responding to ransomware attacks successfully: mass access alerts and automatic alert responses. Using these two features, FileAudit Plus significantly reduces the time it takes to detect and respond to a ransomware attack. In fact, it automatically responds as soon as it detects the signs of a ransomware-type compromise. In doing so, it completely removes the need for human intervention, which is often slow and unsuccessful when pitted against ransomware attacks.

Mass access alerts:

When an encryption attack is underway, the ransomware accesses and modifies an unusually large number of files in a short period of time. FileAudit Plus can be configured to monitor the frequency of file modifications by a user, and to alert whenever the number of modifications crosses a specified threshold within a specified time period. Given its real-time event monitoring capability, FileAudit Plus’ threshold-based alerts are triggered as soon as the ransomware starts its encryption exercise. Alerts also indicate the username, source, date, and time of the security breach, and other alert parameters, paving the way for further investigation.

Automatic alert response:

FileAudit Plus allows you to configure a predetermined response to an alert. In other words, you can program the tool to take a specified action when a certain alert is triggered, effectively enabling you to automate the incident response. FileAudit Plus has a built-in ransomware alert response, which locks down the infected device, thereby stopping the spread of ransomware to network storage or other systems and preventing the attacker from causing any further damage. Additionally, you can also set up your own automated alert responses, through the execution of a batch file, to respond to mass access alerts automatically.

Understanding ransomware

Ransomware is malicious software that blocks access to data by encrypting files. Once the files are encrypted, hackers demand victims pay a ransom in order to regain access to their files.

There are a number of ways ransomware attacks are initiated.The most common attack vector is a phishing email that appears to be legitimate, tricking the victim into clicking on a link or opening an attachment. Victims might also be lured into visiting a malicious website and downloading the ransomware executable.

Once the attack is initiated and the data is encrypted, there are two options to recover data. Victims can pay the ransom, but that doesn’t guarantee their files will be decrypted. They can also restore their data using a backup, but potentially vital data not included in the last backup will be lost.


Audit share and NTFS permissions on a file server

If users are given excessive rights and permissions to files, it could result in inappropriate access or unwarranted changes. This would put the entire organization at risk of losing data or incurring compliance-related penalties. FileAudit Plus addresses this concern by acting as an NTFS and file share permission reporter. With FileAudit Plus, you can be certain that your employees have all the access they require to do their jobs and nothing more.

By auditing file server permissions and access rights using FileAudit Plus, users get:

Audit file and folder access permissions

  • Instant, accurate insights on access and share permissions assigned to all files and folders.
  • A custom filter option that enables quick search for files and folders.
  • Reports that are designed to match the requirements of regulatory acts such as HIPAA, PCI-DSS, SOX, FISMA, and GLBA.
  • Reports that can be exported to multiple formats such as PDF, XLS, CSV, and HTML.
  • Reports that can be scheduled to be delivered via email.


Satisfy compliance requirements using FileAudit Plus

Is your organization in an industry (such as healthcare or financial services) that conforms to high security standards? Do you have a myriad of complex compliance requirements to meet? Do you need to pass compliance audits on a limited budget? Then FileAudit Plus is the solution for you. With FileAudit Plus, you get limitless visibility on all file-related changes, access attempts, and share permissions, which helps make your organization more secure and compliant with external regulatory mandates.

With FileAudit Plus, you can efficiently:

FileAudit Plus audit report

  • Generate customizable audit-ready reports for SOX, HIPAA, FISMA, GDPR, PCI, GLBA, and much more.
  • Ensure high levels of security by detecting and resolving compliance issues in real time before external audits occur.
  • Enjoy continuous auditing to maintain file accountability and integrity.
  • Preconfigure reports (based on user, business hours, file path, etc.) to audit your organization’s specific requirements.


Analyze files and disk space

The problem with leaving file server storage unmanaged

Organizations that leave their file servers disorganized tend to accumulate redundant data over time. Having redundant data in your organization can lead to multiple issues, including:

  • Running out of storage space and having to pay for additional storage.
  • Having to sift through volumes of information to get to information that is actionable.
  • Slow performance in service operations such as backups.

These issues drag down productivity and reduce IT efficiency. Using software like FileAudit Plus to manage file server storage can help you address all of these problems by making your file server lean and efficient.

Optimize file server storage with FileAudit Plus

Identify stale, non-business, and other unnecessary files to reduce clutter

Find and cleanse old, unused (inactive), unmodified, large, and non-business files with the following reports included under the File Analysis report:

  • Old, stale, unmodified files: Spot files that exceed a given time period in terms of creation time, modified time, and last accessed time.
  • Large, hidden files: Identify files that exceed a given size and files that are hidden from plain sight.
  • Non-business files: Flag non-business files. Define what files fall under the non-business category, for example media files, according to your needs.

Analyze disk usage and view properties of files and folders with the following reports included under Disk Analysis report:

  • Disk usage: Get a visual representation of currently used disk space against the total space available in a disk. Also view disk space trend analysis bar graph to understand storage space usage patterns.
  • File/Folder Properties: View file and folder properties such as: location, object type, size (in MB), file count, directory count, creation time, last access time, and last modification time.

You can also utilize the following features:

  • See the bigger picture with an extensive list of event details for each of the above reports: file name, file size in MB, file owner, file creation time, file last accessed time, and file last modification time.
  • Export reports to multiple formats such as CSV, XLS, PDF, or HTML.
  • Quick search by inputting any attribute value related to a specific event under reports.