# Chapter 5: Monitoring

## **Chapter 5: Monitoring**

### 5.1 Request Table

If the GUI is running and a non-whitelisted program attempts a file modification, the request will be displayed in the request table, and an administrator may control the file access. If a request isn't answered within 1 minute, access is denied automatically. Access can be manually set by clicking the "Set Access" drop-down list in the Access column and choosing an access option.

<figure><img src="https://lh5.googleusercontent.com/DyzUg9-7cSBXCCiclItoT_YO7XpKo1mGyv63mpo-5NqYdhRechQOPuSBQNV7tevdOAPVUVSesKYCaqyEGORKeScTZarefH7deSTI6Uzuc2OyytfGcN_oIyb3Xm4-wQBJMAPZNSEBxkkVIK8Ewo06dKHyZzhLsIVf4qWR9mSRhgl6Dt4qzm0b_smSMKpr1P7Em8ylOQDXdw" alt=""><figcaption></figcaption></figure>

**The following options are available:**

* GRANT – Allows the running process to modify the specified file object
* DENY – Denies the running process from modifying the specified file object
* AUTHORIZE PID – Write access is granted to all files for the specified process until its termination (NT kernel and system processes are excluded.)
* WHITELIST PROGRAM – The whitelisted program is permanently allowed to modify existing files.

<figure><img src="https://lh6.googleusercontent.com/PHpvJxnqtMbN2b9QUfcK-lsasvCP9BTCfdo-lFyzdsCmtxvMBOHw4vGT-75N8RYzl08AhXa8aUvbjPXOZlGGQOSnWCTEETWLk0q8jd713bdmnYXy24GUb0otOrmkCc6jcdSSxsXRIRUbNRHg2vwS9MknSMw_2i6cL2IsHisEwD4L7XiwsPSz99d2JJtFAx8_4CwzPi384w" alt=""><figcaption></figcaption></figure>

### 5.2 Status Information

An overall status is shown in the “Monitoring” window in the tab "Status."

<figure><img src="https://lh6.googleusercontent.com/buOyEVuwPJ4GU6I6FkzFRyM8Lgfbu_HVXwGlX8Itbf_vaPfxlykUIkvdY43V-wzKoYiOef3BbY5_MWmQ2EEX2fFAYhFtoX02-S_VtkmpwELTsnYwRqypuXstqgUiin9Zvdd3rOELnih6uLEsEd_hMavIfoWEMHAm_oG7xPhHRiBBeg3nRR8JyiiFsYt1ilRdhBzk_pUIog" alt=""><figcaption></figcaption></figure>

### 5.3 Access Log

BlockyforVeeam® logs all modification requests and responses on protected files to the file C:ProgramDataGrauDataBlockyAccessControl.log. The content of the log file is also displayed in the “Monitoring” window in the "Logging" tab.

<figure><img src="https://lh6.googleusercontent.com/3h__T5NRXMtZz_2sCftjQRvK5UE76VNxNroE9W3OAzpNE9otd_2bu1DbfbeI6fxw_3sJIM6VzKp6OCgqOxnXKv1uMJ-iIMT4KuuE92i2cZmsfzuHIwvkAhMzMJJgTY_Pwb-nCIGUpDpFUB2LMpspi6gk74YepCq1u4qIoCX6lWXjK9Z8Wn9tXk8B30-bGX54tdS3j2mSgw" alt=""><figcaption></figcaption></figure>

### 5.4 License Information

To show the license status select the tab "License Info" from the “Monitoring” window.

<figure><img src="https://lh4.googleusercontent.com/bqXSxID4EmSlec9xiGzpmECmH9bHZNjppGlzwB9uw7Y2mdlfSk8ZWS4O6FiSRcv6BNJfsIOheCslMViRffYfQojQPfRAfW9IuGRpDSp0gMJvnpR6hANiBwahdVkIGTeuyRneKUZRqZSDYrwCCL4ZuY5-MifhVNjmGPTCTWP0yhD48i5kU02R7Kwj7MFZq1GoPkzuB1PTEw" alt=""><figcaption></figcaption></figure>

### 5.5 Alert Notifications

To check for notifications select the tab “Notifications” from the “Monitoring” window.

<figure><img src="https://lh4.googleusercontent.com/FLXpizOoGEB9pGiQfL3gunfGLFWngEcddYGw75PDPi5OWdsW8GvDu2gQCzV1Hw8vmc0LiTCfdVidGTP4DkJZjuuhK5Fye4N_LQwsk57kiUfT9voVVcBnz11Zi8g_5foH2qxokXoZ8XFdM5VOj7BYqKAUGU4xKcDobpEX2euTTNZlQoBak4gK0BGXBiCoszcq_tDoO3XeDg" alt=""><figcaption></figcaption></figure>

### 5.6 Windows event logs

Further status information is available in the Windows application and system event logs.

### 5.7 Raw volume access

Some Windows System Services may perform raw volume access on certain volumes, for example, Windows components <mark style="color:red;">svchost.exe, vssvc.exe, or vds.exe.</mark> On Blocky- protected volumes, some of these raw volume accesses are handled by Blocky and will be denied as these components are usually not whitelisted. This results in unauthorized access event or, if the GUI is running, the raw volume access is displayed in the request table. See below for a notification example.

The components svchost.exe and fsdmhost.exe must be whitelisted when using NTFS Deduplication. When using Shadow Copy, either manually or via scheduling, you have to whitelist the components <mark style="color:red;">svchost.exe</mark> and <mark style="color:red;">vssvc.exe.</mark> ***occurred 2 times. (threshold settings: Count: 1 / TimeInterval:0 min)***

***additional information:***

<mark style="color:red;">PID: 1724, App: C:\Windows\System32\vds.exe, File: \Device\HarddiskVolume3, User: NT AUTHORITY\SYSTEM</mark>

<mark style="color:red;">PID: 1724, App: C:\Windows\System32\vds.exe, File: \Device\HarddiskVolume3, User: NT AUTHORITY\SYSTEM</mark>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blockyforveeam.com/administration-guide/chapter-5-monitoring.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.