Hi, I am trying to set up FIM to monitor our network for PCI. I have started with the PCI starter monitor, but that shows all files on the C:\ that are .dll, .exe or .bat. I have many legit file types like these that are created in multiple directories. Does anyone have any best practices when it comes to which folders are the most vulnerable to attack or that should be watched? Also, is it possible to exclude certain subfolders when selecting a monitoring location?
Thanks in advance for any help!