Tamper detection applies to system‑generated audit and activity information stored by MOVEit Automation and is designed to provide evidence if those records are altered after they are written.

When tamper detection is enabled, MOVEit Automation uses cryptographic techniques to make changes to audit and activity data detectable. If an attempt is made to modify protected records outside of normal application behavior, the system can identify that the data has been altered.

Tamper Detection Components

Tamper detection in MOVEit Automation consists of several related components that work together:

Database Implementation

Tamper detection is implemented at the database level and relies on protected tables that store audit and activity data along with their associated cryptographic state.

The database implementation includes:
  • Storage of cryptographic hash values alongside audit and activity records
  • Chained relationships between successive records
  • Validation logic that recalculates and compares hash values during integrity checks

For further database implementation information, see Database Tamper Detection.

Tamper Detection Settings

Administrators enable or disable tamper detection from the SYSTEM area of the Web Admin interface. These settings control whether cryptographic protection is applied to new audit and activity records.

For configuration details, see Tamper Detection Settings.

Tamper Check Built‑in Script and Task

MOVEit Automation includes a built‑in Tamper Check task that uses the Tamper Check script to validate protected audit and activity data.

A corresponding Tamper Check task can be scheduled to:
  • Periodically check for evidence of tampering
  • Log detection results
  • Send notifications if tampering is detected

For more information, see Tamper Check.

Logging and Reporting

Results of tamper detection checks are written to system logs and can be reviewed by administrators. These logs provide a record of when checks were performed and whether any inconsistencies were found.

For information about the system logs, see System Log.

Backup, Restore, and Failover Considerations

Tamper detection relies on a cryptographic state that must be preserved across system maintenance operations. To ensure continued integrity checking:
  • Backups must include all required tamper detection data.
  • Restores must be performed carefully to avoid invalidating the cryptographic chain.
  • Failover and replication configurations must preserve tamper detection state across nodes.