KBI 311575 Issue Addressed: File Creation Event Is Not Archived When Creating A Zero-Byte File


Argent Advanced Technology 5.1A-1707-F or below


Tuesday, 12 September 2017


Argent for Compliance Engine parses Windows file audit events to generate file creation, modification and deletion events for archiving

When user creates a zero-byte file, for example, using right-click menu ‘New – > Text Document’, the File Creation Event was not captured

When a zero-byte file is created, there is actually no file object is created on disk

Only the folder directory information is updated

As a result, the sequence of Windows file audit events does not contain ‘WriteData’ event for the newly created file

The issue has been addressed in Argent Advanced Technology 5.1A-1707-G

Technical Background



Upgrade to Argent Advanced Technology 5.1A-1707-G or above