netwrix · hilram7 · Jun 8, 2026 · Jun 8, 2026 · Jun 8, 2026 · Jun 8, 2026
@@ -26,7 +26,7 @@ knowledge_article_id: kA0Qk0000000ahpKAA
 
 # Corrupt ErrorEvent in Event Reports
 
-## Symptoms
+## Symptom
 
 - The events report in Netwrix Change Tracker contains one or more `ErrorEvent` events. Their description states `Corrupt`.
 - Agent logs (see [Rolling-Log File Location](/docs/changetracker/8_1/install/agent/rollinglogfile)) contain the following line:

@@ -0,0 +1,48 @@
+---
+description: >-
+  Antivirus and endpoint detection and response (EDR) exclusions required for
+  Netwrix Change Tracker agents and Hub to avoid performance degradation.
+keywords:
+  - antivirus exclusions
+  - EDR exclusions
+  - agents
+  - Hub
+  - MongoDB
+  - performance
+  - Gen7AgentCore
+  - nntgen7agentcore
+  - w3wp.exe
+  - mongod.exe
+  - AV exclusions
+  - endpoint protection
+products:
+  - change-tracker
+sidebar_label: Antivirus Exclusions
+tags:
+  - kb
+  - configuration-and-setup
+title: Adding Antivirus Exclusions for Netwrix Change Tracker
+knowledge_article_id: ""
+---
+
+# Adding Antivirus Exclusions for Netwrix Change Tracker
+
+## Overview
+
+Antivirus (AV) and endpoint detection and response (EDR) solutions may negatively affect Netwrix Change Tracker performance. Add the following exclusions to avoid potential performance degradation.
+
+## Instructions
+
+### Exclusions for Change Tracker Agents
+
+| Name/Platform | Service | Process | Folder |
+|---|---|---|---|
+| Windows NetCore Agent | `Gen7AgentCore` | `Gen7Agent.App.NetCore.exe` | - `C:\ProgramData\NNT\gen7agent.app.netcore`<br />- `C:\Program Files\NNT Change Tracker Suite\Gen7Agent (NetCore)` |
+| Linux NetCore Agent | `nntgen7agentcore` | `/opt/nnt/gen7agentcore/bin/Gen7Agent.App.NetCore` | - `/var/nnt/gen7agent.app.netcore/`<br />- `/opt/nnt/gen7agentcore/` |
+| Linux Express Agent | `nntexpressagent` | `/opt/nnt/expressagent/expressAgent` | - `/var/nnt/expressagent/`<br />- `/opt/nnt/expressagent/` |
+
+### Exclusions for Change Tracker Hub
+
+| Service | Process | Folder |
+|---|---|---|
+| - `MongoDB`<br />- `W3SVC (Windows IIS Service)` | - `mongod.exe` (MongoDB Database Service)<br />- `w3wp.exe` (IIS Worker Process) | - `C:\Program Files\NNT Change Tracker Suite\Gen7\`<br />- `C:\inetpub\wwwroot\Change Tracker Generation 7 (NetCore) Hub`<br />- `C:\inetpub\wwwroot\Change Tracker Generation 7 (NetCore) WebUI`<br />- `C:\ProgramData\Change Tracker Generation 7 (NetCore)\MongoDB\`<br />- `C:\Program Files\NNT Change Tracker Suite\Gen7\MongoDB\` |
@@ -0,0 +1,41 @@
+---
+description: >-
+  Configuring File Approved Safe Technology (FAST) in Netwrix Change Tracker
+  by creating a Planned Change rule set with a FAST Match rule.
+keywords:
+  - FAST
+  - File Approved Safe Technology
+  - Planned Change
+  - FAST Match
+  - file monitoring
+  - Planned Change Wizard
+  - FAST Match rule
+  - FAST cloud
+  - file approved safe
+  - planned change rule set
+  - FAST configuration
+products:
+  - change-tracker
+sidebar_label: Configuring FAST
+tags:
+  - kb
+  - configuration-and-setup
+title: Configuring FAST in Netwrix Change Tracker
+knowledge_article_id: ""
+---
+
+# Configuring FAST in Netwrix Change Tracker
+
+## Overview
+
+File Approved Safe Technology (FAST) automatically reconciles known-good file changes against a cloud-based allowlist. This article describes how to configure FAST in Netwrix Change Tracker.
+
+## Instructions
+
+1. Log in to the Change Tracker web console with an admin account.
+2. Navigate to the **Planned Changes** page.
+3. Select **Actions** > **Planned Change Wizard** > **Create a new Planned Change Rule set**.
+4. Click **Add Planned Change Rule**. In the new window, select **FAST Match** in the **Enter rule details or apply standard rule settings** dropdown list.
+5. Click **Update**.
+6. Allow **All Groups** to be tracked, and check both **No Start, Continuous** and **No End, Continuous** checkboxes.
+7. Click **Finish** to save the planned change rule set.
@@ -0,0 +1,40 @@
+---
+description: >-
+  Exporting events from the Netwrix Change Tracker Events page to CSV, PDF,
+  or XLSX format.
+keywords:
+  - export events
+  - CSV
+  - PDF
+  - XLSX
+  - events page
+  - export limit
+  - filters
+  - event export
+  - 50000 events
+  - export button
+products:
+  - change-tracker
+sidebar_label: Exporting Events to CSV, PDF, or XLSX
+tags:
+  - kb
+  - configuration-and-setup
+title: Exporting Events from the Events Page to CSV, PDF, or XLSX
+knowledge_article_id: ""
+---
+
+# Exporting Events from the Events Page to CSV, PDF, or XLSX
+
+## Overview
+
+This article describes how to export Netwrix Change Tracker events to CSV, PDF, or XLSX format from the Events page.
+
+## Instructions
+
+1. Click the **Events** tile.
+2. Select the device to export events for. To export events for all devices, do not select a specific device.
+3. Click **Filter** and adjust the filter criteria for the event types you want to export.
+4. Review the active filters displayed at the top of the Events page. Remove any unwanted filters by clicking the **X** next to them.
+5. Click **Export** and select the preferred output format.
+
+> **NOTE:** You can export up to 50,000 events at a time. To export more than 50,000 events, see [Exporting More Than 50k Events](exporting-more-than-50k-events.md).
@@ -0,0 +1,51 @@
+---
+description: >-
+  Exporting more than 50,000 events from Netwrix Change Tracker using the
+  Settings Export and Import feature when the Events page export button is
+  disabled.
+keywords:
+  - export events
+  - CSV
+  - 50k limit
+  - PowerShell
+  - DeviceEvent
+  - bulk export
+  - Export and Import
+  - events.csv
+  - export greyed out
+  - export disabled
+  - 50000 events limit
+products:
+  - change-tracker
+sidebar_label: Exporting More Than 50k Events
+tags:
+  - kb
+  - configuration-and-setup
+title: Exporting More Than 50k Events
+knowledge_article_id: ""
+---
+
+# Exporting More Than 50k Events
+
+## Overview
+
+When the Events page contains more than 50,000 events, Netwrix Change Tracker disables the export button. Use the **Export and Import** feature in Settings to export large event sets.
+
+## Instructions
+
+1. Navigate to **Settings** > **Export and Import**.
+2. For **Export Type**, select **Events Only**.
+3. For **Export Format**, select **Text (CSV)**.
+4. Select the **Start** and **End** dates for the export range.
+5. Click **Perform Export**.
+6. Scroll down, download the export, and unzip the CSV file.
+
+### Filtering the Exported CSV
+
+In some cases, you may need to filter the exported CSV to isolate specific event types. Open a PowerShell prompt with admin privileges, navigate to the folder containing the CSV, and run:
+
+```powershell
+Get-Content .\events.csv | Select-String 'DeviceEvent' | Set-Content DeviceEventsOnly.csv
+```
+
+This command filters the CSV to include only `DeviceEvent` rows and saves them to a new file.
@@ -0,0 +1,43 @@
+---
+description: >-
+  Supported TLS versions for in-transit encryption and MongoDB at-rest
+  encryption options for Netwrix Change Tracker.
+keywords:
+  - in-transit encryption
+  - at-rest encryption
+  - TLS
+  - MongoDB
+  - ASP.NET Core
+  - data protection
+  - TLS 1.3
+  - MongoDB Enterprise
+  - MongoDB Community
+  - encryption at rest
+  - data encryption
+products:
+  - change-tracker
+sidebar_label: In-Transit and At-Rest Data Encryption
+tags:
+  - kb
+  - configuration-and-setup
+title: Configuring In-Transit and At-Rest Data Encryption
+knowledge_article_id: ""
+---
+
+# Configuring In-Transit and At-Rest Data Encryption
+
+## Overview
+
+This article covers the supported encryption options for Netwrix Change Tracker data both in transit and at rest.
+
+## Instructions
+
+### In-Transit Encryption
+
+Change Tracker supports Transport Layer Security (TLS) protocol version 1.3 and earlier for in-transit data encryption. Disable nontarget protocol versions in your environment to ensure you use the intended TLS version.
+
+### At-Rest Encryption
+
+MongoDB Community Edition, which is included in the Change Tracker installation wizard, does not support at-rest data encryption. This feature is available in MongoDB Enterprise only. For details, see [MongoDB Encryption At-Rest](https://www.mongodb.com/docs/manual/core/security-encryption-at-rest/).
+
+> **IMPORTANT:** The ASP.NET Core data protection API encrypts data such as user accounts, passwords, and network device credentials by default. Both MongoDB Community and Enterprise editions encrypt this type of data.
@@ -0,0 +1,42 @@
+---
+description: >-
+  Preventing Netwrix Change Tracker from recreating default OS groups after
+  deletion by adding the CreateDefaultGroups configuration item.
+keywords:
+  - default groups
+  - CreateDefaultGroups
+  - IIS
+  - application pool
+  - configuration settings
+  - Add Config Item
+  - System Settings
+  - Show Advanced Options
+  - IIS application pool recycle
+  - default OS groups
+  - group recreation
+products:
+  - change-tracker
+sidebar_label: Preventing Default Group Recreation
+tags:
+  - kb
+  - configuration-and-setup
+title: Preventing Change Tracker from Recreating Deleted Default Groups
+knowledge_article_id: ""
+---
+
+# Preventing Change Tracker from Recreating Deleted Default Groups
+
+## Overview
+
+The Netwrix Change Tracker console recreates default groups and their attached configuration templates and compliance reports whenever IIS recycles the application pool, which occurs every 29 hours by default.
+
+## Instructions
+
+To prevent default groups from being recreated:
+
+1. Log in to Change Tracker.
+2. Navigate to **Settings** > **System Settings**.
+3. Click **Show Advanced Options**.
+4. Click **Add Config Item**.
+5. In the **Description** field, enter `CreateDefaultGroups`. In the **Value** field, enter `No`.
+6. Click **Update**.
@@ -0,0 +1,41 @@
+---
+description: >-
+  Re-registering a device that was previously deleted from Netwrix Change
+  Tracker using the Agents and Devices settings page.
+keywords:
+  - re-register
+  - deleted device
+  - Agents and Devices
+  - device restore
+  - No Group Filter
+  - re-register device
+  - deleted agent
+  - device offline
+  - restore device
+  - agent re-registration
+  - No Group Filter setting
+products:
+  - change-tracker
+sidebar_label: Re-Registering a Deleted Device
+tags:
+  - kb
+  - configuration-and-setup
+title: Re-Registering a Deleted Device on Change Tracker
+knowledge_article_id: ""
+---
+
+# Re-Registering a Deleted Device on Change Tracker
+
+## Overview
+
+This article describes how to re-register a device that you previously deleted from Netwrix Change Tracker.
+
+## Instructions
+
+1. Log in to the Change Tracker console.
+2. Navigate to **Settings** > **Agents & Devices**.
+3. Change the filter in the top-left corner to **[No Group Filter]**.
+4. The deleted devices are now visible in the **Agents & Devices** page with a **Re-Register** option.
+5. Click **Re-Register** next to the device to restore it.
+
+The device should now appear online in the Change Tracker console.
@@ -0,0 +1,44 @@
+---
+description: >-
+  Using the Planned Change Wizard to create a planned change schedule and
+  resubmit unplanned events in bulk in Netwrix Change Tracker.
+keywords:
+  - resubmit events
+  - planned change
+  - bulk resubmit
+  - Planned Change Wizard
+  - unplanned changes
+  - resubmit unplanned changes
+  - Events tab
+  - All Events
+  - Actions menu
+  - planned change rule set
+  - event resubmission
+products:
+  - change-tracker
+sidebar_label: Resubmitting Unplanned Changes
+tags:
+  - kb
+  - configuration-and-setup
+title: Resubmitting a Group of Unplanned Changes
+knowledge_article_id: ""
+---
+
+# Resubmitting a Group of Unplanned Changes
+
+## Overview
+
+This article describes how to resubmit unplanned changes in bulk in Netwrix Change Tracker by creating a planned change schedule and resubmitting the events.
+
+## Instructions
+
+1. Navigate to the **Planned Changes** tab and click **Actions** > **Planned Change Wizard**.
+2. Click **Next** and proceed with the **Create a new Planned Change Rule Set** option.
+3. Create a rule to match the events. You can match all events using `Any` for all options, or specify a path for the events.
+4. Once the rules are created, click **Next** and proceed with customizing the planned change.
+5. Select the **Group of Devices** and the **Date/Time** range during which the events occurred.
+6. Continue through the wizard and customize the name and description.
+7. After the planned change is created, navigate to the **Events** tab and filter the events.
+8. On the **Events** page, select the **All Events** option and click **Actions** > **Resubmit selected events**.
+
+Change Tracker verifies the resubmitted events against the planned change rules.