I just wanted to create a post about this file. I’m sure some admins have seen this and wondered what it was. It is the “BitlockerActiveMonitoringLogs” file in the system root directory, present on Microsoft Exchange 2013 servers.
I first noticed this on a client’s setup, at first assuming the worst, believing the system may have been compromised. However, I have seen this file on multiple Exchange installs, on multiple clients, even in my own environment, and can confirm it is present no matter what the CU release level is, thus confirming it has nothing to do with being compromised.
I’m expecting the date modified reflects the last system boot-up.
I was surprised to see that there are no articles online regarding this file when searching for it specifically, so I decided to create this post to let you know you’re not alone, and the file probably is a system file.
Awesome, I had some weird traffic from Russia, then started looking around my server and panicked when I checked that file in the root; I thought that may have been connected with badware and crypto viruses that encrypt data. Well, Google is my friend, and ty for sharing this fact!
Thanks mate, I was also wondering about the presence of this file on the root of my Exchange 2013 server and was scared that the system might be in danger, but thank God this is not the case 🙂
Greetings. Perhaps it will be useful to someone as an addition:
Per my knowledge, this is used for Managed Availability Bitlocker Deployment Discovery; the log path is hard-coded to the system directory and there is no way to configure it. You can ignore it safely.
From this:
https://social.technet.microsoft.com/Forums/en-US/22773d76-1923-43e6-aa6a-a01a12bbb33f/bitlockeractivemonitoringlogs-file-in-system-root?forum=Exch2016Adm