Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > Disable the File Integrity Monitoring (FIM) driver

Disable the File Integrity Monitoring (FIM) driver

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 1,142 Votes: 0 Revisions: 20

This article provides brief information and steps to disable the File Integrity Monitoring (FIM) driver.

The FIM driver is installed and enabled during a LEM agent installation to a Windows machine. It allows the FIM connector to read and collect file auditing events from a Windows host. 

The FIM driver is disabled for troubleshooting purposes only. Contact your administrator to check for any security policies before performing the following steps. 

Environment

LEM 6.0.0 and later

Steps

Disable FIM driver from the LEM Console: 

  1. Log into your LEM console.
  2. Go to Manage > Nodes.
  3. Select the agents you want the FIM driver to disable on startup. 
    To select multiple agents, press and hold the Ctrl key.
  4. Click the FIM Driver Control drop-down and select Disable driver on agent startup.

The FIM driver should now be disabled from your LEM console. 

 

Disable FIM driver from the local machine:

  1. Open the Command Prompt (CMD) with administrator rights.
  2. Run the following command:
  • 32-bit Windows  - C:\Windows\System32\ContegoSPOP\FIM
  • 64-bit Windows  - C:\Windows\SysWOW64\ContegoSPOP\FIM

  3. Double-click the FIM uninstall script in the following location:

  • 32-bit Windows - C:\Windows\System32\ContegoSPOP\FIM\uninstall_driver.bat
  • 64-bit Windows - C:\Windows\SysWOW64\ContegoSPOP\FIM\uninstall_driver.bat

The FIM driver should now be disabled from your local machine. 

Last modified

Tags

Classifications

Public