File and Registry Integrity Monitoring with the Windows Security Log

12/11/2025 12:00:00 PM [(UTC-05:00) Eastern Time (US & Canada)] - Can't make the live event? Register anyway to receive a link to the recording.

Show/Hide All Time Zones

All Time Zones


Dateline Standard Time-(UTC-12:00) International Date Line West	12/11/2025 5:00:00 AM
UTC-11-(UTC-11:00) Coordinated Universal Time-11	12/11/2025 6:00:00 AM
Aleutian Standard Time-(UTC-10:00) Aleutian Islands	12/11/2025 7:00:00 AM
Hawaiian Standard Time-(UTC-10:00) Hawaii	12/11/2025 7:00:00 AM
Marquesas Standard Time-(UTC-09:30) Marquesas Islands	12/11/2025 7:30:00 AM
Alaskan Standard Time-(UTC-09:00) Alaska	12/11/2025 8:00:00 AM
UTC-09-(UTC-09:00) Coordinated Universal Time-09	12/11/2025 8:00:00 AM
Pacific Standard Time (Mexico)-(UTC-08:00) Baja California	12/11/2025 9:00:00 AM
UTC-08-(UTC-08:00) Coordinated Universal Time-08	12/11/2025 9:00:00 AM
Pacific Standard Time-(UTC-08:00) Pacific Time (US & Canada)	12/11/2025 9:00:00 AM
US Mountain Standard Time-(UTC-07:00) Arizona	12/11/2025 10:00:00 AM
Mountain Standard Time (Mexico)-(UTC-07:00) La Paz, Mazatlan	12/11/2025 10:00:00 AM
Mountain Standard Time-(UTC-07:00) Mountain Time (US & Canada)	12/11/2025 10:00:00 AM
Yukon Standard Time-(UTC-07:00) Yukon	12/11/2025 10:00:00 AM
Central America Standard Time-(UTC-06:00) Central America	12/11/2025 11:00:00 AM
Central Standard Time-(UTC-06:00) Central Time (US & Canada)	12/11/2025 11:00:00 AM
Easter Island Standard Time-(UTC-06:00) Easter Island	12/11/2025 12:00:00 PM
Central Standard Time (Mexico)-(UTC-06:00) Guadalajara, Mexico City, Monterrey	12/11/2025 11:00:00 AM
Canada Central Standard Time-(UTC-06:00) Saskatchewan	12/11/2025 11:00:00 AM
SA Pacific Standard Time-(UTC-05:00) Bogota, Lima, Quito, Rio Branco	12/11/2025 12:00:00 PM
Eastern Standard Time (Mexico)-(UTC-05:00) Chetumal	12/11/2025 12:00:00 PM
Eastern Standard Time-(UTC-05:00) Eastern Time (US & Canada)	12/11/2025 12:00:00 PM
Haiti Standard Time-(UTC-05:00) Haiti	12/11/2025 12:00:00 PM
Cuba Standard Time-(UTC-05:00) Havana	12/11/2025 12:00:00 PM
US Eastern Standard Time-(UTC-05:00) Indiana (East)	12/11/2025 12:00:00 PM
Turks And Caicos Standard Time-(UTC-05:00) Turks and Caicos	12/11/2025 12:00:00 PM
Paraguay Standard Time-(UTC-04:00) Asuncion	12/11/2025 2:00:00 PM
Atlantic Standard Time-(UTC-04:00) Atlantic Time (Canada)	12/11/2025 1:00:00 PM
Venezuela Standard Time-(UTC-04:00) Caracas	12/11/2025 1:00:00 PM
Central Brazilian Standard Time-(UTC-04:00) Cuiaba	12/11/2025 1:00:00 PM
SA Western Standard Time-(UTC-04:00) Georgetown, La Paz, Manaus, San Juan	12/11/2025 1:00:00 PM
Pacific SA Standard Time-(UTC-04:00) Santiago	12/11/2025 2:00:00 PM
Newfoundland Standard Time-(UTC-03:30) Newfoundland	12/11/2025 1:30:00 PM
Tocantins Standard Time-(UTC-03:00) Araguaina	12/11/2025 2:00:00 PM
E. South America Standard Time-(UTC-03:00) Brasilia	12/11/2025 2:00:00 PM
SA Eastern Standard Time-(UTC-03:00) Cayenne, Fortaleza	12/11/2025 2:00:00 PM
Argentina Standard Time-(UTC-03:00) City of Buenos Aires	12/11/2025 2:00:00 PM
Montevideo Standard Time-(UTC-03:00) Montevideo	12/11/2025 2:00:00 PM
Magallanes Standard Time-(UTC-03:00) Punta Arenas	12/11/2025 2:00:00 PM
Saint Pierre Standard Time-(UTC-03:00) Saint Pierre and Miquelon	12/11/2025 2:00:00 PM
Bahia Standard Time-(UTC-03:00) Salvador	12/11/2025 2:00:00 PM
UTC-02-(UTC-02:00) Coordinated Universal Time-02	12/11/2025 3:00:00 PM
Greenland Standard Time-(UTC-02:00) Greenland	12/11/2025 3:00:00 PM
Mid-Atlantic Standard Time-(UTC-02:00) Mid-Atlantic - Old	12/11/2025 3:00:00 PM
Azores Standard Time-(UTC-01:00) Azores	12/11/2025 4:00:00 PM
Cape Verde Standard Time-(UTC-01:00) Cabo Verde Is.	12/11/2025 4:00:00 PM
UTC-(UTC) Coordinated Universal Time	12/11/2025 5:00:00 PM
GMT Standard Time-(UTC+00:00) Dublin, Edinburgh, Lisbon, London	12/11/2025 5:00:00 PM
Greenwich Standard Time-(UTC+00:00) Monrovia, Reykjavik	12/11/2025 5:00:00 PM
Sao Tome Standard Time-(UTC+00:00) Sao Tome	12/11/2025 5:00:00 PM
Morocco Standard Time-(UTC+01:00) Casablanca	12/11/2025 6:00:00 PM
W. Europe Standard Time-(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna	12/11/2025 6:00:00 PM
Central Europe Standard Time-(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague	12/11/2025 6:00:00 PM
Romance Standard Time-(UTC+01:00) Brussels, Copenhagen, Madrid, Paris	12/11/2025 6:00:00 PM
Central European Standard Time-(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb	12/11/2025 6:00:00 PM
W. Central Africa Standard Time-(UTC+01:00) West Central Africa	12/11/2025 6:00:00 PM
GTB Standard Time-(UTC+02:00) Athens, Bucharest	12/11/2025 7:00:00 PM
Middle East Standard Time-(UTC+02:00) Beirut	12/11/2025 7:00:00 PM
Egypt Standard Time-(UTC+02:00) Cairo	12/11/2025 7:00:00 PM
E. Europe Standard Time-(UTC+02:00) Chisinau	12/11/2025 7:00:00 PM
West Bank Standard Time-(UTC+02:00) Gaza, Hebron	12/11/2025 7:00:00 PM
South Africa Standard Time-(UTC+02:00) Harare, Pretoria	12/11/2025 7:00:00 PM
FLE Standard Time-(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius	12/11/2025 7:00:00 PM
Israel Standard Time-(UTC+02:00) Jerusalem	12/11/2025 7:00:00 PM
South Sudan Standard Time-(UTC+02:00) Juba	12/11/2025 7:00:00 PM
Kaliningrad Standard Time-(UTC+02:00) Kaliningrad	12/11/2025 7:00:00 PM
Sudan Standard Time-(UTC+02:00) Khartoum	12/11/2025 7:00:00 PM
Libya Standard Time-(UTC+02:00) Tripoli	12/11/2025 7:00:00 PM
Namibia Standard Time-(UTC+02:00) Windhoek	12/11/2025 7:00:00 PM
Jordan Standard Time-(UTC+03:00) Amman	12/11/2025 8:00:00 PM
Arabic Standard Time-(UTC+03:00) Baghdad	12/11/2025 8:00:00 PM
Syria Standard Time-(UTC+03:00) Damascus	12/11/2025 8:00:00 PM
Turkey Standard Time-(UTC+03:00) Istanbul	12/11/2025 8:00:00 PM
Arab Standard Time-(UTC+03:00) Kuwait, Riyadh	12/11/2025 8:00:00 PM
Belarus Standard Time-(UTC+03:00) Minsk	12/11/2025 8:00:00 PM
Russian Standard Time-(UTC+03:00) Moscow, St. Petersburg	12/11/2025 8:00:00 PM
E. Africa Standard Time-(UTC+03:00) Nairobi	12/11/2025 8:00:00 PM
Volgograd Standard Time-(UTC+03:00) Volgograd	12/11/2025 8:00:00 PM
Iran Standard Time-(UTC+03:30) Tehran	12/11/2025 8:30:00 PM
Arabian Standard Time-(UTC+04:00) Abu Dhabi, Muscat	12/11/2025 9:00:00 PM
Astrakhan Standard Time-(UTC+04:00) Astrakhan, Ulyanovsk	12/11/2025 9:00:00 PM
Azerbaijan Standard Time-(UTC+04:00) Baku	12/11/2025 9:00:00 PM
Russia Time Zone 3-(UTC+04:00) Izhevsk, Samara	12/11/2025 9:00:00 PM
Mauritius Standard Time-(UTC+04:00) Port Louis	12/11/2025 9:00:00 PM
Saratov Standard Time-(UTC+04:00) Saratov	12/11/2025 9:00:00 PM
Georgian Standard Time-(UTC+04:00) Tbilisi	12/11/2025 9:00:00 PM
Caucasus Standard Time-(UTC+04:00) Yerevan	12/11/2025 9:00:00 PM
Afghanistan Standard Time-(UTC+04:30) Kabul	12/11/2025 9:30:00 PM
West Asia Standard Time-(UTC+05:00) Ashgabat, Tashkent	12/11/2025 10:00:00 PM
Qyzylorda Standard Time-(UTC+05:00) Astana	12/11/2025 10:00:00 PM
Ekaterinburg Standard Time-(UTC+05:00) Ekaterinburg	12/11/2025 10:00:00 PM
Pakistan Standard Time-(UTC+05:00) Islamabad, Karachi	12/11/2025 10:00:00 PM
India Standard Time-(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi	12/11/2025 10:30:00 PM
Sri Lanka Standard Time-(UTC+05:30) Sri Jayawardenepura	12/11/2025 10:30:00 PM
Nepal Standard Time-(UTC+05:45) Kathmandu	12/11/2025 10:45:00 PM
Central Asia Standard Time-(UTC+06:00) Bishkek	12/11/2025 11:00:00 PM
Bangladesh Standard Time-(UTC+06:00) Dhaka	12/11/2025 11:00:00 PM
Omsk Standard Time-(UTC+06:00) Omsk	12/11/2025 11:00:00 PM
Myanmar Standard Time-(UTC+06:30) Yangon (Rangoon)	12/11/2025 11:30:00 PM
SE Asia Standard Time-(UTC+07:00) Bangkok, Hanoi, Jakarta	12/12/2025 12:00:00 AM
Altai Standard Time-(UTC+07:00) Barnaul, Gorno-Altaysk	12/12/2025 12:00:00 AM
W. Mongolia Standard Time-(UTC+07:00) Hovd	12/12/2025 12:00:00 AM
North Asia Standard Time-(UTC+07:00) Krasnoyarsk	12/12/2025 12:00:00 AM
N. Central Asia Standard Time-(UTC+07:00) Novosibirsk	12/12/2025 12:00:00 AM
Tomsk Standard Time-(UTC+07:00) Tomsk	12/12/2025 12:00:00 AM
China Standard Time-(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi	12/12/2025 1:00:00 AM
North Asia East Standard Time-(UTC+08:00) Irkutsk	12/12/2025 1:00:00 AM
Singapore Standard Time-(UTC+08:00) Kuala Lumpur, Singapore	12/12/2025 1:00:00 AM
W. Australia Standard Time-(UTC+08:00) Perth	12/12/2025 1:00:00 AM
Taipei Standard Time-(UTC+08:00) Taipei	12/12/2025 1:00:00 AM
Ulaanbaatar Standard Time-(UTC+08:00) Ulaanbaatar	12/12/2025 1:00:00 AM
Aus Central W. Standard Time-(UTC+08:45) Eucla	12/12/2025 1:45:00 AM
Transbaikal Standard Time-(UTC+09:00) Chita	12/12/2025 2:00:00 AM
Tokyo Standard Time-(UTC+09:00) Osaka, Sapporo, Tokyo	12/12/2025 2:00:00 AM
North Korea Standard Time-(UTC+09:00) Pyongyang	12/12/2025 2:00:00 AM
Korea Standard Time-(UTC+09:00) Seoul	12/12/2025 2:00:00 AM
Yakutsk Standard Time-(UTC+09:00) Yakutsk	12/12/2025 2:00:00 AM
Cen. Australia Standard Time-(UTC+09:30) Adelaide	12/12/2025 3:30:00 AM
AUS Central Standard Time-(UTC+09:30) Darwin	12/12/2025 2:30:00 AM
E. Australia Standard Time-(UTC+10:00) Brisbane	12/12/2025 3:00:00 AM
AUS Eastern Standard Time-(UTC+10:00) Canberra, Melbourne, Sydney	12/12/2025 4:00:00 AM
West Pacific Standard Time-(UTC+10:00) Guam, Port Moresby	12/12/2025 3:00:00 AM
Tasmania Standard Time-(UTC+10:00) Hobart	12/12/2025 4:00:00 AM
Vladivostok Standard Time-(UTC+10:00) Vladivostok	12/12/2025 3:00:00 AM
Lord Howe Standard Time-(UTC+10:30) Lord Howe Island	12/12/2025 4:00:00 AM
Bougainville Standard Time-(UTC+11:00) Bougainville Island	12/12/2025 4:00:00 AM
Russia Time Zone 10-(UTC+11:00) Chokurdakh	12/12/2025 4:00:00 AM
Magadan Standard Time-(UTC+11:00) Magadan	12/12/2025 4:00:00 AM
Norfolk Standard Time-(UTC+11:00) Norfolk Island	12/12/2025 5:00:00 AM
Sakhalin Standard Time-(UTC+11:00) Sakhalin	12/12/2025 4:00:00 AM
Central Pacific Standard Time-(UTC+11:00) Solomon Is., New Caledonia	12/12/2025 4:00:00 AM
Russia Time Zone 11-(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky	12/12/2025 5:00:00 AM
New Zealand Standard Time-(UTC+12:00) Auckland, Wellington	12/12/2025 6:00:00 AM
UTC+12-(UTC+12:00) Coordinated Universal Time+12	12/12/2025 5:00:00 AM
Fiji Standard Time-(UTC+12:00) Fiji	12/12/2025 5:00:00 AM
Kamchatka Standard Time-(UTC+12:00) Petropavlovsk-Kamchatsky - Old	12/12/2025 5:00:00 AM
Chatham Islands Standard Time-(UTC+12:45) Chatham Islands	12/12/2025 6:45:00 AM
UTC+13-(UTC+13:00) Coordinated Universal Time+13	12/12/2025 6:00:00 AM
Tonga Standard Time-(UTC+13:00) Nuku'alofa	12/12/2025 6:00:00 AM
Samoa Standard Time-(UTC+13:00) Samoa	12/12/2025 6:00:00 AM
Line Islands Standard Time-(UTC+14:00) Kiritimati Island	12/12/2025 7:00:00 AM

Webinar Registration

Ultimately everything is a file regardless of your platform or operating system. So, it naturally follows that monitoring file system changes is crucial to multiple defense scenarios and security requirements. In terms of compliance, PCI-DSS (which I find the most prescriptive in terms of specific security techniques) specifically calls out file integrity monitoring but all the frameworks call for detecting unauthorized changes and no one disputes FIM is an integral part of that.

Don’t think of FIM as just a tool for catching configuration drift or trojan file replacement. As important as those are, monitoring file system changes is so valuable for monitoring things that are arcane to your particular environment and business.

Here are 2 examples from our own operations. We have file auditing set up on the static file folders of our website and are instantly notified whenever files are added, deleted or modified. In our case we chose to get the notification whether it was a planned change or not because the innocuous notifications provide some positive confirmation that our monitoring and notification pipeline is working end-to-end. Another side of our company maintains a commercial software product. Monitoring changes to the source code repo and other key folders on the build server is part of a comprehensive defense-in-depth strategy to prevent us being the medium for a supply-chain compromise against our customers. So look for locations and systems specific to your environment where high value files are subject to well-defined modification patterns – these are great candidates for FIM above and beyond the generic OS.

In Windows, file auditing is covered by aptly named “File System” category. In this real training for free webinar, I’ll explain the 2-level file system audit policy in Windows where it’s necessary to turn it on at the system level and then on specific folders. I’ll show you how folder audit policy is based on the use of specified permissions. We’ll look at some of the more complex issues in Windows file auditing such as detecting file creations, duplicate events, and the limits of file auditing in terms of detecting what changed about a given file. In particular we will cover Event IDs:

4656 - A handle to an object was requested
4658 - The handle to an object was closed
4659 - A handle to an object was requested with intent to delete
4660 - An object was deleted
4663 - An attempt was made to access an object
4670 - Permissions on an object were changed

In Windows though, you also need to audit the registry because so much of the operating system security and application configuration is stored there. Ultimately the registry is a few monolithic “hive” files, but file auditing isn’t effective for the registry since each hive file holds thousands of settings. Thankfully there’s another audit category, “Registry”, which allows us to monitor registry keys and the values within them – even including the before and after data value. Registry auditing uses the same events as above except for 4657 which explicitly reports registry value changes. I’ll demonstrate how Registry auditing works in this session as well.

Windows auditing is a powerful tool that I rely on in our security efforts, but I have to acknowledge that along with that raw power comes some challenges. My sponsor for this real training for free session is Netwrix and Dirk Schrader, VP of Security Research at Netwrix, will briefly show you how Netwrix Change Tracker solves those challenges and will briefly show you how Netwrix Change Tracker solves those challenges and brings true integrity monitoring discipline to Windows environments. Netwrix Change Tracker continuously records all changes to files, folders, and registry keys — planned or unplanned — and correlates each change with its originating user, process, and configuration state. It eliminates the noise and ambiguity of raw event logs by providing clear, authoritative change intelligence: what changed, when, by whom, whether it was authorized, and whether it introduced risk.

Change Tracker also baselines system and application configurations, highlights drift from your approved golden state and automatically reconciles planned changes so your teams can focus on real unauthorized activity instead of combing through duplicate or low-value audit events. Its ability to track and validate change trails across Windows servers, workstations, and hybrid infrastructure makes it an ideal complement to native file and registry auditing — giving you full PCI-aligned file integrity monitoring, simplified compliance reporting, and immediate insight into any unexpected modifications across your environment.

Please join us for this real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Organization:	Required
Country:	Required
City:	Required
State:	Required
Zip/Postal Code:	Required
Company Size:	RequiredRequired
Job Title:	RequiredRequired
Industry:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

File and Registry Integrity Monitoring with the Windows Security Log

Additional Resources

User name:
Password:
	/ Forgot?
	Register

November 2025 Patch Tuesday	"Patch Tuesday - Only One Zero Day! " - sponsored by LOGbinder Software

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.