Does Symantec Endpoint Protection Have a File Integrity Monitoring Feature?

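```
# Example: Audit a folder for all changes
auditpol /set /subcategory:"File System" /success:enable /failure:enable
```

This enables the File System audit subcategory; events are logged only for folders that also have an auditing entry (SACL) configured. Monitor Event ID 4663 (file access attempts) and 4660 (file deletion).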
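Event 4660 does not include the file name, so the two event IDs have to be correlated before they are useful as change alerts. The following is an added example (not from the original page) that pairs each 4660 with the earlier 4663 on the same process and handle ID; the sample events, the folder `C:\Sensitive` and the function name `summarize_changes` are constructed for illustration.

```python
# Added example: correlate Security events 4663 and 4660 into file-change findings.
# SAMPLE_EVENTS is constructed; keys mirror the EventData field names of those events.
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice", "ProcessId": "0x9c0", "HandleId": "0x1a4",
     "ObjectName": r"C:\Sensitive\config.ini", "AccessMask": "0x2"},
    {"EventID": 4663, "SubjectUserName": "bob", "ProcessId": "0x4d4", "HandleId": "0x2b8",
     "ObjectName": r"C:\Sensitive\keys.txt", "AccessMask": "0x10000"},
    {"EventID": 4660, "SubjectUserName": "bob", "ProcessId": "0x4d4", "HandleId": "0x2b8"},
    {"EventID": 4663, "SubjectUserName": "carol", "ProcessId": "0x7f0", "HandleId": "0x3c0",
     "ObjectName": r"C:\Sensitive\report.docx", "AccessMask": "0x1"},  # read only
    {"EventID": 4660, "SubjectUserName": "dave", "ProcessId": "0x111", "HandleId": "0x5f0"},
]

# File access-right bits in the 4663 AccessMask that indicate a change.
CHANGE_BITS = {0x2: "WriteData", 0x4: "AppendData", 0x100: "WriteAttributes",
               0x40000: "WRITE_DAC"}
DELETE = 0x10000


def summarize_changes(events, watched_dir):
    """Return (user, path, action) tuples for changes under watched_dir."""
    prefix = watched_dir.rstrip("\\").lower() + "\\"
    handles = {}   # (ProcessId, HandleId) -> path, learned from 4663
    findings = []
    for ev in events:
        key = (ev["ProcessId"], ev["HandleId"])
        user = ev["SubjectUserName"]
        if ev["EventID"] == 4663:
            path = ev["ObjectName"]
            if not path.lower().startswith(prefix):
                continue
            mask = int(ev["AccessMask"], 16)
            if mask & DELETE:
                handles[key] = path   # remember the name for the 4660 that follows
            findings += [(user, path, name)
                         for bit, name in CHANGE_BITS.items() if mask & bit]
        elif ev["EventID"] == 4660:
            # 4660 has no ObjectName; recover it from the 4663 on the same handle.
            # Handle IDs are reused, so drop the mapping once it is consumed.
            # An unmatched 4660 is reported with path None for manual review.
            findings.append((user, handles.pop(key, None), "Deleted"))
    return findings


if __name__ == "__main__":
    for finding in summarize_changes(SAMPLE_EVENTS, r"C:\Sensitive"):
        print(finding)
```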

This is not true FIM (no hashing, no baseline rollback detection), but it detects changes.

| Feature | Standard SEP | SEP + EDR add‑on |
|--------|-------------|------------------|
| Antivirus / Firewall / IPS | ✅ | ✅ |
| Tamper Protection (SEP self‑protection) | ✅ | ✅ |
| File Integrity Monitoring (FIM) | ❌ | ✅ (limited) |
| Baselining & change alerts | ❌ | ✅ |
| Real‑time file modification alerts | ❌ | ✅ |

If FIM is a compliance or security requirement (PCI DSS, HIPAA, etc.), do not rely on standard Symantec Endpoint Protection. Use a dedicated FIM tool or upgrade to Symantec EDR.


Funded by the European Union, under Grant Agreement N° 101135323. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or REA. Neither the European Union nor the granting authority can be held responsible for them.