I am experiencing troubles with the file Sensor. When trying to Monitor a file on the parent device I always get the error mentioned above. The dollar sign is used in the file name and for the parent device there are credentials stored which have access to the Path (they are not inherited).
I came across the article https://helpdesk.paessler.com/en/support/solutions/articles/760000635118173-cannot-access-file:-access-is-denied-5-code:-pe031 when trying to resolve the issue, but in my case there are specific credentials stored or did I misunderstand the solution?
I have also checked that SYSTEM has access to the file but still the error occurs. What else can I try to get the sensor working properly? Thank you in advance.
Article Comments
Unsure if relevant, but I've had this exact issue happen to me after installing the latest Cumulative Updates for Windows Server 2016:
- 2021-06 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 (KB5003542)
- 2021-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5003638)
Jun, 2021 - Permalink
Yes, meanwhile we have several cases where the security hardening changes relating to Event Tracing for Windows (ETW) for CVE-2021-31958 cause the Windows API sensor to stop working. This is also mentioned as "known issues" by microsoft for these windows updates.
Currently, there is not much we can do about this from our side I'm afraid. A update of the probe and target system to the same patch level might solve the issue. Alternatively, instead of the "Windows API" sensor, you could also try the WMI based alternative. The Windows updates should only affect the logging API, but not WMI.
Jun, 2021 - Permalink
Hello,
Have you tried changing the service logon user of the probe service (at services.msc) already as well?
If this is not working either and you want us to take a closer look, feel free to send us screenshots of the issue to support@paessler.com.
May, 2021 - Permalink