From Software and Computer Systems Company:
FSE is a file system events monitor for Macintosh systems running Mac OS X. A file system events monitor is an application that displays and optionally logs all file modifications occurring on a Macintosh computer running Mac OS X, even those being done in the background that the user is unaware of. FSE output is displayed on a user interface that identifies all file system activity using the full path name of every file being modified as well as the processes and applications making the modifications. Among other things, FSE is suitable for identifying applications running in the background, assisting in spyware removal, assisting in adware removal, detecting what operations are occurring at a given time, and identifying when specific events occur on a Macintosh system. FSE has two modes of operation, Default Mode and Profile Mode. In Default Mode, FSE displays and optionally logs all events coming from the file system events daemon. In Profile Mode, FSE targets only specific events based on a user created profile. The use of profiles allows FSE to become event driven, rather than simply a device to identify all file activity with no regard to what it's receiving. When FSE is in Profile Mode it can target specific file system events based on an application name, a process ID number, a user name (short), a specific file by name, a specific directory by name, or a generic string. FSE will report the creation of a file or directory, deletion of a file or directory, modification of a files content, permissions change to a file or directory, ownership changes to a file or directory, changes to extended attributes on a file or directory, renaming a file or directory, and data exchange between two files. This is useful for identifying processes that may be excessively drive intensive, identifying unauthorized access to a system, recording installation activities, identifying processes and files associated with unwanted applications such as spyware/malware/adware, assisting in identifying when remote access to a system is occurring, identifying system application crashes, and a host of others. FSE is not intended to be used by novice or casual users of Mac OS X. It is intended to be used by system administrators, developers, and security personnel. The user should be familiar with processes and process IDs, user IDs, and full command line path names for files and directories.