List of supported file operation and filter combinations that FPolicy can monitor for SMB

When you configure your FPolicy event, you need to be aware that only certain combinations of file operations and filters are supported for monitoring SMB file access operations.

The list of supported file operation and filter combinations for FPolicy monitoring of SMB file access events is provided in the following table:

Supported file operations Supported filters
close monitor-ads, offline-bit, close-with-modification, close-without-modification, close-with-read, exclude-directory
create monitor-ads, offline-bit
create_dir Currently no filter is supported for this file operation.
delete monitor-ads, offline-bit
delete_dir Currently no filter is supported for this file operation.
getattr offline-bit, exclude-dir
open monitor-ads, offline-bit, open-with-delete-intent, open-with-write-intent, exclude-dir
read monitor-ads, offline-bit, first-read
write monitor-ads, offline-bit, first-write, write-with-size-change
rename monitor-ads, offline-bit
rename_dir Currently no filter is supported for this file operation.
setattr monitor-ads, offline-bit, setattr_with_owner_change, setattr_with_group_change, setattr_with_mode_change, setattr_with_sacl_change, setattr_with_dacl_change, setattr_with_modify_time_change, setattr_with_access_time_change, setattr_with_creation_time_change, setattr_with_size_change, setattr_with_allocation_size_change, exclude_directory