Looking for a program I can install on a Windows (2008R2) file server that will monitor file changes, so if a crypto malware or ransomware attach occurs and starts encrypting files at fast rate, I will get an email alert. I know you can achieve this with built in auditing but you have to manually check the logs, I want something that will alert me via email to unusual file changes. Anyone know of something like this?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Software that monitors file changes and sends email alerts
- Thread starter ashman
- Start date
Sp33dFr33k
2[H]4U
- Joined
- Apr 20, 2002
- Messages
- 2,481
You could also try something like FSRM to monitor the shares. You can configure it to monitor for file types or extensions used by ransomware and have it notify you. We used to use FSRM to block the file types generated by the ransomware. Since it couldn't create the file it wouldn't encrypt them. I'm sure they're smarter now but it worked for us back then.
There are several good guides out there with different approaches.
Here's one:
Cryptolocker Canary - detect it early!
or
Stop Cryptolocker from Hitting Windows File Shares with FSRM
You could also just push out Crypto Prevent: CryptoPrevent Malware Prevention
There are several good guides out there with different approaches.
Here's one:
Cryptolocker Canary - detect it early!
or
Stop Cryptolocker from Hitting Windows File Shares with FSRM
You could also just push out Crypto Prevent: CryptoPrevent Malware Prevention
Any type of file server antivirus software will prevent this, that in conjunction with backups shouldn't be an issue at all.
http://media.kaspersky.com/pdf/b2b/KSFS_Datasheet.pdf <-- It's even mentioned in the product sheet ;-)
http://media.kaspersky.com/pdf/b2b/KSFS_Datasheet.pdf <-- It's even mentioned in the product sheet ;-)
Many products claim a lot of things, I have not heard or read of one instance where a ransomware infection was stopped by AV. I also have an aversion to Kaspersky products as I find them incredibly intrusive and aggressive, perhaps they have changed and gotten better.
Thanks though.
Thanks though.