Agents Administration - Tests
 

Configuration of ScrtyFlMdfctnChcksTest

The ScrtyFlMdfctnChcksTest test reports the number of files/folders that are modified. An abnormal increase in the number of modified files is an indication of malware activity. Therefore, by using this test, administrators are able to proactively detect any suspicious changes to the file/folder before it causes a potential security threat. The detailed diagnosis of this test provides additional details on the file name, time of last modification, etc.

The default parameters associated with this test are:

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • In the HOST text box, specify the host for which the test is to be configured.

  • In the PORT text box, specify the port at which the server is listening. By default, it is given as NULL.

  • Provide a comma-separated list of the full path of the files in the FILES TO BE MONITORED text box that are to be monitored. If the full path to any folder is configured here, then the test monitors the changes only for the files under the folder and not the sub-folders. By default, none is displayed in this text box.. In that case, this test will not be able to execute and hence no metrics will be generated.

  • The DD FREQUENCY parameter refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD FREQUENCY parameter.

  • To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

    The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

    • The eG manager license should allow the detailed diagnosis capability
    • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

  • If multiple components of the same component type are awaiting configuration, then an APPLY TO OTHER COMPONENTS button will appear in this page. Clicking on this button will allow you to apply the configuration to all/selected components of that type.

  • Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.

When changing the configuration for specific servers, a “*” beside the text box corresponding to the parameter signifies that these values have to be manually configured by the user. The parameter values that require to be configured will typically be prefixed with a “$” or contain a series of “*”. A value of “none” in the parameter value indicates that the corresponding parameter value can be changed if required.