File Integrity Monitor

By default, the File Integrity Monitor does not monitor changes in the system folders or the file system's housekeeping files to not clutter task reports with information about routine file changes performed constantly by the operating system. You cannot include such folders in the monitoring scope.

The following folders and files are excluded from the monitoring scope:

• NTFS housekeeping files with file id from 0 to 33
• %SystemRoot%\Prefetch\
• %SystemRoot%\ServiceProfiles\LocalService\AppData\Local\
• %SystemRoot%\System32\LogFiles\Scm\
• %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\
• %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\
• %SystemRoot%\Microsoft.NET\
• %SystemRoot%\System32\config\
• %SystemRoot%\Temp\
• %SystemRoot%\ServiceProfiles\LocalService\
• %SystemRoot%\System32\winevt\Logs\
• %SystemRoot%\System32\wbem\repository\
• %SystemRoot%\System32\wbem\Logs\
• %ProgramData%\Microsoft\Windows\WER\ReportQueue\
• %SystemRoot%\SoftwareDistribution\DataStore\
• %SystemRoot%\SoftwareDistribution\DataStore\Logs\
• %ProgramData%\Microsoft\\Windows\AppRepository\
• %ProgramData%\Microsoft\Search\\Data\Applications\Windows\
• %SystemRoot%\Logs\SystemRestore\
• %SystemRoot%\System32\Tasks\Microsoft\\Windows\TaskScheduler\

The application excludes top-level folders.

The component does not monitor files changes that bypass the ReFS/NTFS file system (file changes made through BIOS, LiveCD, and more).