Version

Argent Advanced Technology 5.1A-1707-F or below

Date

Tuesday, 12 September 2017

Summary

Argent for Compliance Engine parses Windows file audit events to generate file creation, modification and deletion events for archiving

When user creates a zero-byte file, for example, using right-click menu ‘New – > Text Document’, the File Creation Event was not captured

When a zero-byte file is created, there is actually no file object is created on disk

Only the folder directory information is updated

As a result, the sequence of Windows file audit events does not contain ‘WriteData’ event for the newly created file

The issue has been addressed in Argent Advanced Technology 5.1A-1707-G

Technical Background

N/A

Resolution

Upgrade to Argent Advanced Technology 5.1A-1707-G or above