About the File Watch module

The File Watch module reports changes to files since the last snapshot update and violations of template settings.

Most module security checks use File Watch templates, which define the files, folders, and operating systems that are watched, the depth of folder traversal, and the types of changes that are reported. These templates have .fw file extensions.

The Malicious files security check uses Malicious File Watch templates, which define known attack files and signature patterns. These files have .mfw extensions.

The Changed file (signature) security check uses File Signatures templates to compare the file signatures on the agent with the signatures that are stored in templates on Symantec ESM 5.1 and 5.5 managers. These templates have .fs file extensions.

You can use some File Watch messages to update snapshot or template files to match current agent settings. Updatable messages are identified as TU or SU types in the descriptions of checks that use them.

The File Watch messages that are not mapped to specific security checks are generated by the following: