Network and Storage Protocols

Deleting a File on Windows 10 does not send FPolicy SMB_DEL request

MohitD
4,545 Views

Hi,

 

I have configured NetApp FPolicy on a SMB share. The FPolicy server I have developed get requests from NetApp. I am enabled all SMB filters (open, close, setattr, delete, delete_dir, rename, rename_dir).

 

I am using Data ONTAP 8.3.2. I deleted a file from my Windows 10 client. But NetApp does not send a FPolicy request with SMB_DEL. I only get SMB_OPEN and SMB_CLOSE requests on the file. 

 

Is there someway I can get a delete request when a file is deleted? I am also attaching a Wireshark packet trace for FPolicy captured on the FPolicy server. It has requests that NetApp sends to my FPolicy server.

 

Thanks for your help!

3 REPLIES 3

Jeff_Yao
4,454 Views

just a thought,

if you're testing, try the netapp native fpolicy to see if works?

MohitD
4,415 Views

Thanks. I will check.

mfriedenfeld
3,805 Views

Late reply, but I'm hoping one of you are still around.  I'm running into the same issue.  I've created a new fpolicy on my 8.3.2 c-mode netapp.  All SMB events are being sent to our fpolicy server (stealthaudit) with the exception of delete_file from windows 10 clients (delete folder is being sent from win 10).  I can't seem to locate any information on the native fpolicy being discussed in one of the replies.  Does anyone have any additional information I could review to try to resolve my issue?

 

Thanks!

 

 - Matt Friedenfeld

Public