Several modules establish security baselines by creating snapshot files of agent and object settings the first time that they run. Subsequent module or policy runs report changes to security-related settings. You can accept a change by updating the snapshot, or you can fix the problem and then rerun the module or policy.

Snapshot files for users, groups, devices, and file configurations are created for each agent. User snapshots contain the user account information such as permissions and privileges. Group snapshots contain group permissions, privileges, and membership information. Device snapshots contain device ownership, permissions, and attributes. The file snapshot compares current settings to a template, helping you to locate unauthorized file modifications, viruses, and Trojan horses. The UNIX version has an additional snapshot file that monitors new setuid and setgid files for the File Find module. Application modules define and use their own snapshot files.