I just wanted to create a post about this file. I’m sure some admins have seen this and wondered what it was. The “BitlockerActiveMonitoringLogs” file on the system root directory, present on Microsoft Exchange 2013 servers.
I first noticed this on a clients setup, at first assuming the worst believing the system may have been compromised. However I have seen this file on multiple Exchange installs, on multiple clients, even in my own environment, and can confirm is it present no matter what the CU release level is, thus confirming it has nothing to do with being compromised.
Date modified I’m expecting reflects last system boot-up.
Surprised to see that there are no articles online regarding this file when searching for it specifically, so I decided to create this post to let you know you’re not alone, and the file probably is a system file.
While most of us frequently deploy new ESXi hosts, a question and task not oftenly discussed is how to properly decommission a VMware ESXi host. Some might be surprised to… Read More
This guide will outline the instructions to Disable the VMware Horizon Session Bar. These instructions can be used to disable the Horizon Session Bar (also known as the Horizon Client… Read More
Normally, any VMs that are NVIDIA vGPU enabled have to be manually migrated with manual vMotion if a host is placed in to maintenance mode, to evacuate the host. While… Read More
You may experience GPU issues with the VMware Horizon Indirect Display Driver in your environment when using 3rd party applications which incorrectly utilize the incorrect display adapter. This results with… Read More
Today we're going to cover a powerful little NAS being used with VMware; the Synology DS923+ VMware vSphere Use case and Configuration. This little (but powerful) NAS is perfect for… Read More
Today we'll go over how to install the vSphere vCenter Root Certificate on your client system. Certificates are designed to verify the identity of the systems, software, and/or resources we… Read More
View Comments
Awesome,i had some weird traffic from russia then started looking around my server and paniced when i checked that file in the root,thought that may have been connected with badwares and crypto viruses that encrypt data ,well google is my friend and ty for sharing this fact!
Thanks mate, I was also wondering about the presence of this file on the root of my exchange 2013 server and was scared that the system might be in danger, but thanks GOD this is not the case :)
Greetings. Perhaps it will be useful to someone as an addition
Per my knowledge, this is used for Managed Availability Bitlocker Deployment Discovery, the log path is hard coded on system directory and no way to configure. You can ignore it safely.
From this:
https://social.technet.microsoft.com/Forums/en-US/22773d76-1923-43e6-aa6a-a01a12bbb33f/bitlockeractivemonitoringlogs-file-in-system-root?forum=Exch2016Adm