Submit a ticketCall us

AnnouncementsTHWACKcamp 2018 is here

2018 is the seventh year for THWACKcamp™, and once again we’ll be live October 17 – 18 with packed session tracks covering everything from network monitoring and management, to change control, application management, storage, cloud and DevOps, security, automation, virtualization, mapping, logging, and more.

Register for online sessions.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Disable the File Integrity Monitoring (FIM) driver

Disable the File Integrity Monitoring (FIM) driver

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 1,377 Votes: 0 Revisions: 20

This article provides brief information and steps to disable the File Integrity Monitoring (FIM) driver.

The FIM driver is installed and enabled during a LEM agent installation to a Windows machine. It allows the FIM connector to read and collect file auditing events from a Windows host. 

The FIM driver is disabled for troubleshooting purposes only. Contact your administrator to check for any security policies before performing the following steps. 

Environment

LEM 6.0.0 and later

Steps

Disable FIM driver from the LEM Console: 

  1. Log into your LEM console.
  2. Go to Manage > Nodes.
  3. Select the agents you want the FIM driver to disable on startup. 
    To select multiple agents, press and hold the Ctrl key.
  4. Click the FIM Driver Control drop-down and select Disable driver on agent startup.

The FIM driver should now be disabled from your LEM console. 

 

Disable FIM driver from the local machine:

  1. Open the Command Prompt (CMD) with administrator rights.
  2. Run the following command:
  • 32-bit Windows  - C:\Windows\System32\ContegoSPOP\FIM
  • 64-bit Windows  - C:\Windows\SysWOW64\ContegoSPOP\FIM

  3. Double-click the FIM uninstall script in the following location:

  • 32-bit Windows - C:\Windows\System32\ContegoSPOP\FIM\uninstall_driver.bat
  • 64-bit Windows - C:\Windows\SysWOW64\ContegoSPOP\FIM\uninstall_driver.bat

The FIM driver should now be disabled from your local machine. 

Last modified

Tags

Classifications

Public