Post

Replies

Boosts

Views

Activity

Endpoint Security: How to reliably report file deletion
I have an ES client that tracks file activity on the system. Was I'm finding is that es_event_unlink_t events are sent when some process attempts to delete a file, but such attempts can fail, of course, due to permissions or any number of other reasons. Can you suggest ways for my client program to determine reliably whether a file was actually deleted? I suppose I could schedule a stat() or something, and assume the file was deleted if it doesn't exist (and wasn't re-created in the meantime), but it seems a bit fiddly. Am I missing anything?
Topic: Privacy & Security SubTopic: General
2
0
29
22h
Endpoint Security: How to reliably report file deletion
I have an ES client that tracks file activity on the system. Was I'm finding is that es_event_unlink_t events are sent when some process attempts to delete a file, but such attempts can fail, of course, due to permissions or any number of other reasons. Can you suggest ways for my client program to determine reliably whether a file was actually deleted? I suppose I could schedule a stat() or something, and assume the file was deleted if it doesn't exist (and wasn't re-created in the meantime), but it seems a bit fiddly. Am I missing anything?
Topic: Privacy & Security SubTopic: General
Replies
2
Boosts
0
Views
29
Activity
22h