You have many choices when selecting a file system auditing and control solution for your Windows network. We created CPTRAX for Windows to give you a better choice. The following information has been prepared to provide a technical review of file system auditing methods and how CPTRAX for Windows is a better choice. The file system auditing methods that are compared to CPTRAX for Windows are:
Unique among Windows File System Auditing products, CPTRAX provides an integrated approach that fully connects with the server's communications channels. This allows CPTRAX to record all details regarding file system activity.
Backed by kernel-level development and design experience stretching back to the late 1980s and covering all versions of Windows since, CPTRAX offers a better choice for Windows File System Auditing. With CPTRAX you will receive reports that include:
And, unlike any other commercial Windows File System Auditing product, CPTRAX offers active blocking of undesirable create, delete and modification activity.
Additionally, the deep level of experience and expertise provided by the Visual Click Software Team gives you the power of CPTRAX without requiring any superfluous technologies on your servers such as the .NET framework, SQL Server, specific MSI Installer versions or any other add-on. While SQL is not required, we do offer the option of sending all activity records to an existing Microsoft SQL Server.
Several available file system auditing products rely upon Windows Event Logs to provide input for their reporting, and many of these products require you to do your own Event Log "auditing" configuration. This is a tedious manual process that involves visiting each folder (directory) to audit, selecting audit options, and repeating for each user and/or group to audit.
What if you only want to know when certain files are changed? You could define auditing on select files, but files are often deleted and re-created as part of normal operations, making it difficult, if not logistically impossible, to audit at the file level. In addition, new files would not be audited at all until auditing was established for each new file. All this means auditing options must be defined at the folder / directory level. Thus, if you simply wanted to track only activity upon XLS or DOC files, you cannot define it within the Windows Event Log system. And it is the Windows Event Log system that many file system auditing products rely upon. Most of these tools offer report filtering so you can receive reports of just what you want, but the Event Log files will be full of data you did not want to track.
All of this puts the Windows file system auditing process in charge of you because you have to constantly work for what you want and need.
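The folder-level audit setting and the report-time extension filter described above, as an added PowerShell example (not from the original page or the vendor). The folder path, group name and extension list are hypothetical; run it elevated on a test server.

```powershell
# Added example. $Folder, $Group and $Pattern are hypothetical values.
$Folder  = 'D:\Shares\Finance'
$Group   = 'CONTOSO\Domain Users'
$Pattern = '\.(xls|doc)$'          # extensions wanted in the report

# 1. Folder-level audit rule (SACL). A rule names a folder, an account and
#    access rights; it has no file-name pattern, so every file and subfolder
#    below $Folder inherits it.
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $Group,
    [System.Security.AccessControl.FileSystemRights]'Write, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# The "File System" audit subcategory must be enabled or nothing is logged.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Report-time filter. Event 4663 (object access) is written for every
#    audited file; only the report is narrowed, the Security log is not.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 5000 |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['ObjectType'] -ne 'File') { return }   # skip registry keys etc.
        [pscustomobject]@{
            Time = $_.TimeCreated
            User = $data['SubjectUserName']
            File = $data['ObjectName']
            Mask = $data['AccessMask']
        }
    } |
    Where-Object { $_.File -match $Pattern } |
    Sort-Object Time |
    Format-Table -AutoSize
```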
Event Log details include:
And, lastly, Event Log readers do not have the ability to block undesirable file actions.
Some of the available file system auditing products gather file system activity independently of Windows Event Logs via polling and snapshot captures. These products do not require auditing to be configured within the Windows event system. Some of these products include the option to add events to the Windows Event Log based upon activity independently gathered.
As implied by this section's header, polling and snapshot capture file system activity auditing products only report on what is found after the fact. Though some of the products in this group claim to have real-time auditing abilities, that auditing is still based on polling technology. The limitations are consequential, as only the bare minimum of file system activity is revealed. On the plus side, due to the lack of direct involvement in auditing file system activities, polling and snapshot products will record fewer events than the Windows Event Log system.
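What a snapshot comparison can and cannot see, as an added PowerShell example (not from the original page or any product). It builds a constructed temporary folder, takes two polls and diffs them; the function names are hypothetical.

```powershell
# Added example: snapshot polling over a constructed temp folder.
function Get-Snapshot([string]$Root) {
    # Record path -> "size|last write time" for every file under $Root.
    $snap = @{}
    Get-ChildItem -LiteralPath $Root -Recurse -File | ForEach-Object {
        $snap[$_.FullName] = '{0}|{1}' -f $_.Length, $_.LastWriteTimeUtc.Ticks
    }
    return $snap
}

function Compare-Snapshot([hashtable]$Before, [hashtable]$After) {
    # Only differences in end state are visible: no user, no workstation,
    # no record of anything that happened and was undone between polls.
    foreach ($p in $After.Keys) {
        if (-not $Before.ContainsKey($p)) {
            [pscustomobject]@{ Change = 'Created'; Path = $p }
        } elseif ($Before[$p] -ne $After[$p]) {
            [pscustomobject]@{ Change = 'Modified'; Path = $p }
        }
    }
    foreach ($p in $Before.Keys) {
        if (-not $After.ContainsKey($p)) {
            [pscustomobject]@{ Change = 'Deleted'; Path = $p }
        }
    }
}

# Constructed demo data.
$root = Join-Path ([IO.Path]::GetTempPath()) ('polldemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content -Path (Join-Path $root 'budget.xls') -Value 'v1'
$poll1 = Get-Snapshot $root

# Activity between the two polls.
Set-Content -Path (Join-Path $root 'temp.doc') -Value 'draft'
Remove-Item -Path (Join-Path $root 'temp.doc')                  # created and deleted: never reported
Set-Content -Path (Join-Path $root 'budget.xls') -Value 'v2-longer'
Set-Content -Path (Join-Path $root 'budget.xls') -Value 'v3-longest'   # two writes, one change reported
Set-Content -Path (Join-Path $root 'new.doc') -Value 'hello'
$poll2 = Get-Snapshot $root

Compare-Snapshot $poll1 $poll2 | Sort-Object Path | Format-Table -AutoSize
Remove-Item -Path $root -Recurse -Force
```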
Polling/Snapshot details can include:
And, lastly, Polling and Snapshot Capture products do not have the ability to block undesirable file actions.
A few of the available file system auditing products use a kernel-level File System Driver to gather file system activity independently of Windows Event Logs. These products do not require auditing to be configured within the Windows event system.
These File System Driver products gather events by being directly involved with file system actions as each occurs. File System Drivers are kernel-level agents that, when in use, become part of the Windows file system. This means each file system activity is passed through the agent before it is applied to the affected file or folder. This "low level" of involvement with the Windows file system means nothing is missed. However, the only critical detail tracked is the name of the user (or other account) performing the file action. This means details of remote access are not recorded: no workstation name, no IP address.
File System Driver recorded details include:
And, lastly, File System Driver products do have the innate ability to block undesirable file actions, but we have not found any such commercial products that offer this functionality.