File Integrity Monitoring Policy

File Integrity Monitoring lets you monitor files, folders, registry keys, or registry values for changes.

This monitoring helps you comply with security requirements like PCI DSS.

To set up a policy, do as follows:

1. Go to My Product > Server > Policies.
2. Create a File Integrity Monitoring policy or edit the Base Policy. See Create or Edit a Policy.
3. Open the policy's Settings tab.
4. Select Use File Integrity Monitoring.

By default, we monitor critical Windows system files. See Sophos File Integrity Monitoring: Default monitored locations.

You can set up custom monitoring if you want to monitor other locations.

For more information on variables see File Integrity Monitoring variables.

Custom monitoring

To monitor a location, do as follows.

1. Go to Custom monitoring.
2. Click Add location.

3. In Add location, select the item Type.

   If you select Folder, we monitor the folder and the files in it by default. To monitor only the files in the folder, deselect Monitor changes to the folder as well as the files.

   If you select Registry Key, we monitor the key but not the values in it. You must use the location type Registry Value to monitor values.

   You can use variables.

4. Click Add or Add Another.

To edit a location already in the list, click its path and update the details.

To delete a location from the list, click the cross on the right.

Monitoring exclusions

To exclude a location from monitoring, do as follows.

1. Go to Monitoring exclusions.
2. Click Add exclusion.

3. In Add exclusion, select the item Type.

   If you select Folder, you exclude the folder and the files in it.

   If you select Registry Key, you exclude the key and the registry values within it.

   You can use variables.

4. Click Add or Add Another.

To edit a location already in the list, click its path and update the details.

To delete a location from the list, click the cross on the right.