Changed file (signature) (Windows)

Module: File Attributes

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports changes in file signatures since the last snapshot update. In the Signature field of the File template, select a signature type to perform (CRC and/or MD5). Signature checks provide the highest degree of vulnerability detection. They are also among the most time-intensive checks. If the module takes too long, carefully consider which files warrant the most careful scrutiny and exclude the others by selecting None for them in the Signature field. Instead of the Changed file (signature) check, use the Changed file (times) or Changed file (size) checks for these files.

The following table lists the error messages for the check.

Table: Error messages for Changed file (signature)

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESMT_SNAPSHOT_MISMATCH Category: Policy Compliance	Windows 2000 (105530) Windows 2003 (205530) Windows 2008 (248530) Windows Vista (228530) Windows XP (200530)	Title: File has changed Description:The file has changed since the last snapshot update. If the change is authorized, update the snapshot file. If the change is not authorized, restore the file from a backup copy or from the original distribution media, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: true Template Updatable: false Information Field Format: [%s]
String ID: ESMT_EVENT_LOG_INFO Category: Policy Compliance	Windows 2000 (105559) Windows 2003 (205559) Windows 2008 (248559) Windows Vista (228559) Windows XP (200559)	Title: File or folder Event Log Entry Description:An entry in the Security Audit Event Log occurred for this file or folder.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESMT_SNAPSHOT_MISMATCH

Category: Policy Compliance

Windows 2000 (105530)
Windows 2003 (205530)
Windows 2008 (248530)
Windows Vista (228530)
Windows XP (200530)

Title: File has changed

Description:The file has changed since the last snapshot update. If the change is authorized, update the snapshot file. If the change is not authorized, restore the file from a backup copy or from the original distribution media, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_EVENT_LOG_INFO

Category: Policy Compliance

Windows 2000 (105559)
Windows 2003 (205559)
Windows 2008 (248559)
Windows Vista (228559)
Windows XP (200559)

Title: File or folder Event Log Entry

Description:An entry in the Security Audit Event Log occurred for this file or folder.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]