Does Symantec Endpoint Protection Have File Integrity Monitoring Fixed
| Pros | Cons | | :--- | :--- | | No need to install a separate agent (Tripwire, OSSEC) if you already have SEP. | Latency: Not strictly real-time. Alerts are delayed until the next scheduled scan. | | Compliance: Meets basic PCI-DSS requirements for FIM. | Management Overhead: Creating and maintaining Fingerprint Lists manually is time-consuming. | | Enforcement: Can automatically block network access for non-compliant machines. | Performance: Hashing thousands of files during a check can spike CPU usage on older servers. | | Low Cost: Included in the license (no extra fee). | Granularity: Lacks advanced features like file permission monitoring (e.g., alerting if "Everyone" gets Write access to a folder). |
In the newer Symantec Endpoint Security (SES) Complete or EDR products (cloud-native), file integrity monitoring is often delivered via File Change Monitoring or through Host Integrity Policies . These track changes to critical operating system files and registry keys, but they are typically tied to the EDR (Endpoint Detection and Response) module rather than a standalone FIM license. | Pros | Cons | | :--- |
File Integrity Monitoring is a security feature that monitors and controls changes to files and directories on a system. It ensures that files are not modified, deleted, or accessed unauthorized, which can help prevent data breaches, malware infections, and other security incidents. FIM is particularly important for organizations that handle sensitive data, such as financial information, personal identifiable information (PII), or intellectual property. | | Compliance: Meets basic PCI-DSS requirements for FIM
