Upcoming Events
Symantec Endpoint Protection addresses this need primarily through its "System Lockdown" and "Tamper Protection" features. Technically, SEP does not label its main interface "File Integrity Monitoring" in the same way a dedicated compliance tool like Tripwire might. However, the underlying technology functions identically to FIM principles. SEP allows administrators to define a baseline of trusted files and applications. Once a "fingerprint" or whitelist is established, the solution can monitor the integrity of the system by blocking or alerting on any file that deviates from that baseline. This process effectively monitors file integrity by ensuring that critical system files and approved applications are not modified, replaced, or corrupted.
Formerly known as Critical System Protection, this is the primary solution for FIM. It uses a kernel-level agent to provide real-time file integrity monitoring (RT-FIM) , alerting you whenever critical system files, registry keys, or configuration files are modified. SEP allows administrators to define a baseline of
Additionally, the now-retired Symantec Critical System Protection (SCSP) was a dedicated FIM product. Formerly known as Critical System Protection, this is