The File Watch module reports changes to files since the last snapshot update and violations of template settings.

Most module security checks use File Watch templates, which define the files, folders, and operating systems that are watched, the depth of folder traversal, and the types of changes that are reported. These templates have .fw file extensions.

The Malicious files security check uses Malicious File Watch templates, which define known attack files and signature patterns. These files have .mfw

The Changed file (signature) security check uses File Signatures templates to compare the file signatures on the agent with the signatures that are stored in templates on Symantec ESM 5.1 and 5.5 managers. These templates have .fs file extensions.

You can use some File Watch messages to update snapshot or template files to match current agent settings. Updatable messages are identified as TU or SU types in the descriptions of checks that use them.

The File Watch messages that are not mapped to specific security checks are generated by:

- The function that creates the baseline snapshot file the first time when the File Watch module is run on an
- Checks and options that require enabled templates that are specified in the Files/ directories to watch option, the Malicious files check, and the Invalid signature check
- Security checks that cannot locate, and therefore cannot check, a file or a directory that is listed in a
- Security checks that find a template entry for a remote file or directory that cannot be checked because the Local disks only option is enabled on a UNIX agent
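
The snapshot behavior described above, sketched as an added Python example that is not Symantec ESM code: a first run writes the baseline, later runs report changes against it until the snapshot is updated, and files that cannot be located get their own message. The JSON snapshot format, the SHA-256 signature, the message names, and all function names are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def signature(path):
    """SHA-256 of the file contents (assumed algorithm, not taken from ESM)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def run_watch(watched, snapshot_path):
    """One pass over the watched paths; returns a list of (kind, path) messages."""
    snap = Path(snapshot_path)
    current, missing = {}, []
    for path in map(str, watched):
        try:
            current[path] = signature(path)
        except OSError:  # the file cannot be located or read
            missing.append(path)
    if not snap.exists():
        # First run: write the baseline snapshot; nothing to compare against yet.
        snap.write_text(json.dumps(current))
        return [("baseline-created", str(snap))] + [("cannot-locate", p) for p in missing]
    baseline = json.loads(snap.read_text())
    messages = [("removed" if p in baseline else "cannot-locate", p) for p in missing]
    for path, sig in current.items():
        if path not in baseline:
            messages.append(("new", path))
        elif baseline[path] != sig:
            messages.append(("changed", path))
    return messages

def update_snapshot(snapshot_path, path):
    """Accept one path's current state into the snapshot (hypothetical helper)."""
    snap = Path(snapshot_path)
    baseline = json.loads(snap.read_text())
    baseline[str(path)] = signature(path)
    snap.write_text(json.dumps(baseline))

def demo():
    """Constructed sample: one existing and one nonexistent watched file."""
    with tempfile.TemporaryDirectory() as d:
        a, b, snap = (Path(d) / n for n in ("a.conf", "b.conf", "snapshot.json"))
        a.write_text("mode=strict\n")
        first = run_watch([a, b], snap)    # creates the baseline
        a.write_text("mode=off\n")
        second = run_watch([a, b], snap)   # a changed since the snapshot
        update_snapshot(snap, a)
        third = run_watch([a, b], snap)    # change accepted, no longer reported
    return [[kind for kind, _ in run] for run in (first, second, third)]
```

A change keeps being reported on every run until the snapshot is updated, so updating it is the point at which a modification is reviewed and accepted.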