• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 23 subscribers
  • Views 268 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Anyone using FIM on Desktop PCs?

dcokers

I am curious to know if anyone is using FIM on all desktop PCs in their organization. We currently only use it for our File Server but I see some benefits in using it on our desktop PCs as well. We currently have the LEM Agent on all PCs in our organization so adding them to the connector wouldn't be hard.

Are there any downsides, space concerns, too many events....etc.

Thanks!

  • 0

    I want to leave the conversation for the wider batch of customers who might be using FIM on their desktop machines, but you will want to be mindful of how it's configured for your Workstations as any type of file auditing can generate a much larger than expected number of events.

    I would suggest two things at a high level:

    1)  Be sure to get a good sample group and enable FIM for a few machines to help gauge and estimate the new event load.

    2)  Start with the pre-defined monitors.

    When first testing with FIM on my own workstation, turning FIM on for C:/ recursively and every type of action generated thousands of new events in an hour.  The default monitors omit files that will constantly be read and modified so as to help clean some of this up, but as with adding any node or new monitoring it will generate a large number of new events and you'll want to be mindful of how that will impact the capacity and sizing of your LEM.

  • 0 in reply to jrouviere

    Thanks, space isn't a concern for us at this time. I am more worried about CPU and memory usage on the appliance. We have ~400 PCs.

    I think file monitor on desktops could be valuable in tracking issues associated with mass file copy/deletions and in the areas of ransomware detection. We also have an issue with an application that writes files locally to the workstation when the application has a problem connecting to a network file repository. FIM would allow me to track that easier. 

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.