FIM Exclusions

I would like to see the ability to add exclusions to the FIM connectors.  As an example: I can currently tell LEM to look at C:\Windows\ recursively for *.dll; however, I can't tell it to exclude certain folders such as C:\Windows\Temp or specific .dll files.

I have found several cases where specific files or folders see a high number of changes that I don't care about and I would love to have the ability to exclude those few items from an otherwise valid configuration.

Not having this is really making things challenging for me; this seems like both a reasonable and relatively basic request. Any thoughts on getting this into the product sooner rather than later?

I am working to replace our current FIM solution with LEM and this would be a huge win for me.

First thing I noticed while configuring the connector for a file server in our test environment. This is a really basic request but would help so much.

Level 21 it's nice to know I am not the only person that feels this way. Not having this ability is killing me as I have to write incredibly complex rules just to accomplish what could otherwise be done with a simple exclude.

Just started FIM over the regular Windows Audit and still get a lot of delete notifications for .tmp and ~$. It would be easier to add an exclude rather than multiple conditions for every other file type.

I am currently working with a client for LEM who needs to be PCI compliant, so using the built-in FIM template for PCI for Windows connections is crucial. However, there are some events we would love to be able to ignore, like any event where the NT AUTHORITY\SYSTEM account was who made the change, or to ignore files in, for example, HP Insight's Program Files folder (surprisingly noisy) without the "workaround" being dealing with GPOs (not everyone is a wondrous AD admin that can delve that far into audit policies without help) or having to select every file and folder AROUND the thing you want to exclude. This is a feature that the lack of having is seriously changing my client's entire views on the product. They need it for PCI compliance, but can't consider themselves compliant because the events they have to monitor are lost in such a firehose of superfluous events that they only are able to keep a few weeks of data at best. We can tune out the folders using the "select around it" method but that only goes so far. Being able to have a whitelist-style list of services/files/folders to ignore events for would be extremely welcome and make the product much easier to use. I'd love to see some movement on this request.

Seems like a no-brainer and one of the same problems I have with GFI EventsManager. The noise generated inside the Windows directories is insane.

FIM Exclusions are now possible as part of the SEM 6.7 release.


Status changed to: Implemented