WatchDirectory home page
WatchDirectory Startseite (Deutsche Version)
Site WatchDirectory (Français)
  Welcome, Guest. Please Login or Register
YaBB - Yet another Bulletin Board
Page Index Toggle Pages: 1
Monitoring CryptoLocker (Read 714 times)
YaBB Newbies

Posts: 1
Monitoring CryptoLocker
Mar 12th, 2016 at 10:47am
Hello forum.
I am new to WD and because of the massive outbreak of CryptoLocker I am looking for a possibility for monitoring the changes of files on windows server shares. It should be able to react on delete, rename, make new file. I have found the Outbreak example on watchdirectory and my question is, how it has to be modified for recognize delete and rename actions.
Further it would be of interest, if it is possible to extract the (Active Directory or local)  name of user and computer who is performing these changes and pass the parameter to another script. The idea is that with these parameters an external script should block the user-write-access on the share or do some other actions, like shut down the suspicious computer remotely.

Thanks for your reply.
Back to top
IP Logged
YaBB Administrator

Posts: 2260
The Netherlands
Re: Monitoring CryptoLocker
Reply #1 - Mar 14th, 2016 at 7:41am

It has been a while when I wrote that script. It looks like it will handle any event (new file, deleted file etc). It all depends which event you select for the task, see

Getting info about the user is not really easy, sorry.
Back to top

Gert Rijs - gert (at) gdpsoftware (dot) com
End Alzheimer's:
WWW WWW GdPSoftware  
IP Logged
Page Index Toggle Pages: 1