Identify Processes accessing a file?

(imported topic written by SystemAdmin)

Are there inspectors or is there a way to create an analysis that will identify processes that are accessing a certain file?

(imported comment written by SystemAdmin)

Hello Andrew,

You may already know, Microsoft provides an executable for getting the current “handle” state on a system. If you run that command and pipe the data out to a text file, you can follow it with a property or analysis to pull the information you're looking for.

I’ve built a fixlet which distributes the Handle.exe to Windows boxes so the utility is available on any Windows system I sit down at.

http://bigfix.me/cdb/fixlet/643

I’ve added some EULA code so the system account doesn’t have any popups. Now you can use it to execute remotely and utilize the handle command to export the data you’re interested in.
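
An added example, not part of the original posts: one way to turn the text that Handle.exe writes into per-process records for a single file. It assumes Handle.exe's default name-search line layout (`image  pid: N  type: T  HANDLE: path`); the function names, the target path and the sample lines are constructed for illustration.

```powershell
# Parse one line of Handle.exe name-search output into an object.
# Lines that do not match (banner, blanks, "No matching handles found.") are skipped.
function ConvertFrom-HandleOutput {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        $pattern = '^(?<Image>.+?)\s+pid:\s*(?<Id>\d+)\s+type:\s*(?<Type>\S+)' +
                   '\s+(?<Handle>[0-9A-Fa-f]+):\s+(?<Path>.+)$'
    }
    process {
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Process   = $Matches['Image'].Trim()
                ProcessId = [int]$Matches['Id']
                Type      = $Matches['Type']
                Handle    = $Matches['Handle']
                Path      = $Matches['Path'].Trim()
            }
        }
    }
}

# Handle.exe matches on a name fragment, so filter to the exact path afterwards,
# then collapse multiple handles from the same process into one record.
function Get-FileHandleOwner {
    param([string[]]$HandleOutput, [string]$TargetPath)
    $HandleOutput | ConvertFrom-HandleOutput |
        Where-Object { $_.Path -ieq $TargetPath } |
        Group-Object Process, ProcessId |
        ForEach-Object {
            [pscustomobject]@{
                Process   = $_.Group[0].Process
                ProcessId = $_.Group[0].ProcessId
                Handles   = $_.Group.Handle -join ','
            }
        }
}

# Constructed sample output (not captured from a real host).
$sample = @'
Sysinternals - www.sysinternals.com

notepad.exe        pid: 4312   type: File           1A4: C:\Data\report.log
backupsvc.exe      pid: 1980   type: File           2C8: C:\Data\report.log
backupsvc.exe      pid: 1980   type: File           2F0: C:\Data\report.log.bak
'@ -split "`r?`n"

Get-FileHandleOwner -HandleOutput $sample -TargetPath 'C:\Data\report.log'
# Live use (run elevated): $out = & handle.exe -accepteula -nobanner 'C:\Data\report.log'
```

The exact-path filter matters because the fragment search also returns `report.log.bak`; without it, a process holding only the backup file would be reported as holding the target.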