If FIM is a compliance or security requirement (PCI DSS, HIPAA, etc.), do not rely on standard Symantec Endpoint Protection. Use a dedicated FIM tool or upgrade to Symantec EDR.
This is not true FIM (no hashing, no baseline rollback detection), but it detects changes. | Feature | Standard SEP | SEP + EDR add‑on | |--------|-------------|------------------| | Antivirus / Firewall / IPS | ✅ | ✅ | | Tamper Protection (SEP self‑protection) | ✅ | ✅ | | File Integrity Monitoring (FIM) | ❌ | ✅ (limited) | | Baselining & change alerts | ❌ | ✅ | | Real‑time file modification alerts | ❌ | ✅ |
# Example: Audit a folder for all changes auditpol /set /subcategory:"File System" /success:enable /failure:enable Monitor Event ID 4663 (File access attempts) and 4660 (File deletion)
Ya que estás aquí, te queremos invitar a ser parte de Interferencia. Suscríbete. Gracias a lectores como tú, financiamos un periodismo libre e independiente. Te quedan artículos gratuitos este mes.
If FIM is a compliance or security requirement (PCI DSS, HIPAA, etc.), do not rely on standard Symantec Endpoint Protection. Use a dedicated FIM tool or upgrade to Symantec EDR.
This is not true FIM (no hashing, no baseline rollback detection), but it detects changes. | Feature | Standard SEP | SEP + EDR add‑on | |--------|-------------|------------------| | Antivirus / Firewall / IPS | ✅ | ✅ | | Tamper Protection (SEP self‑protection) | ✅ | ✅ | | File Integrity Monitoring (FIM) | ❌ | ✅ (limited) | | Baselining & change alerts | ❌ | ✅ | | Real‑time file modification alerts | ❌ | ✅ | If FIM is a compliance or security requirement
# Example: Audit a folder for all changes auditpol /set /subcategory:"File System" /success:enable /failure:enable Monitor Event ID 4663 (File access attempts) and 4660 (File deletion) | Feature | Standard SEP | SEP +
Comentarios
yo creo que es delito porque
Añadir nuevo comentario