Access SACL

Indicates that the system access-control list (SACL) was accessed.

Append Data /
Create Subdirectory /
Create Pipe Instance

Indicates that content was appended to a file, a subdirectory was created or a new instance of a named pipe was created.

Delete

Indicates that an object was deleted.

Delete Child

Indicates that a child object of the monitored directory was deleted.

Execute /
Traverse

Indicates that an object was executed or a directory was traversed.

Read Attributes

Indicates that attributes of an object were read.

Read Control

Indicates that the information in an objects security descriptor were read.

Read Data /
List Directory

Indicates that a files data was read or a directories contents were listed.

Read Extended Attributes

Indicates that the extended attributes of a file were read.

Synchronize

Indicates that an object was used for synchronization. (A thread is waiting until the object is in a certain state)

Write Attributes

Indicates that an objects attributes were written.

Write DACL

Indicates that the discretionary access control list of an object was modified.

Write Data /
Add File

Indicates that data was written to a file or a new file was created in a directory.

Write Extended Attributes

Indicates that the extended attributes of a file were written.

Write Owner

Indicates that the owner of an object was modified.