Varonis for Windows File Shares

Scalably audit and alert on activity in your Windows file shares without parsing raw logs.


Windows has a lot of great built-in security auditing capabilities, but the massive event flow is often noisy and difficult to understand—not to mention expensive to store and process. It can slow down servers so much that many don’t even enable it.


Varonis’ proprietary file system filter for Windows SMB/CIFS file shares creates a human-readable audit trail without requiring native auditing. We capture all the critical events you need—like read, move, modify, delete—to detect, investigate, and recover from a security incident. Plus, we can handle millions of events per hour so you can monitor everything you need to with minimal server and network overhead.

Fill gaps in native auditing.

Answer key questions that can’t be determined using only the event log, such as when a file is created vs. modified and when someone failed to access a file (often important for security investigations).

Limit your blast radius.

Varonis proactively detects threats with behavior-based alerting. Built-in remediation capabilities allow you to remove excessive permissions to limit the impact of breaches.

Investigate incidents fast.

Quickly see the impact of a security incident, down to the individual files and how they may have been accessed or changed. Easily search the audit log by user, file server, or folder path.