Monitoring CryptoLocker (Read 637 times)
flowerpot
Monitoring CryptoLocker
Mar 12th, 2016 at 10:47am
 
Hello forum.
I am new to WD and because of the massive outbreak of CryptoLocker I am looking for a possibility for monitoring the changes of files on Windows server shares. It should be able to react to delete, rename, and new file events. I have found the Outbreak example http://www.watchdirectory.net/newsletter/outbreak.html on WatchDirectory and my question is how it has to be modified to recognize delete and rename actions.
Furthermore, it would be of interest whether it is possible to extract the (Active Directory or local) name of the user and computer performing these changes and pass the parameters to another script. The idea is that with these parameters an external script should block the user's write access on the share or do some other actions, like shutting down the suspicious computer remotely.

Thanks for your reply.
Gert
Re: Monitoring CryptoLocker
Reply #1 - Mar 14th, 2016 at 7:41am
 
Hi,

It has been a while since I wrote that script. It looks like it will handle any event (new file, deleted file, etc.). It all depends on which event you select for the task; see http://www.watchdirectory.net/wdhelp/help/wdnewconfigpage4.html

Getting info about the user is not really easy, sorry.
Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
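A sketch of the kind of check the question describes, as an added example that is not part of the thread and not WatchDirectory's Outbreak script: a sliding-window counter that alerts when new/delete/rename events on one share exceed a threshold. The event labels, window, threshold, share paths and the `.locked` extension are assumptions constructed for illustration; it does not attempt to identify the user or computer.

```python
from collections import Counter, deque
from pathlib import PureWindowsPath

WINDOW_SECONDS = 60                     # assumed look-back window
THRESHOLD = 20                          # assumed events per window that count as an outbreak
WATCHED = {"NEW", "DELETE", "RENAME"}   # hypothetical labels, not WatchDirectory's own names


class BurstDetector:
    """Flags a share when too many new/delete/rename events land in one window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.events = {}                # share -> deque of (timestamp, new_extension)

    def observe(self, ts, share, event, path, new_path=None):
        """Feed one event; return an alert dict while the share is over the threshold."""
        if event not in WATCHED:
            return None
        q = self.events.setdefault(share, deque())
        ext = PureWindowsPath(new_path).suffix.lower() if new_path else ""
        q.append((ts, ext))
        while q and ts - q[0][0] > self.window:   # drop events older than the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        # One extension dominating the renames is typical of bulk encryption.
        exts = Counter(e for _, e in q if e)
        top_ext, top_count = exts.most_common(1)[0] if exts else ("", 0)
        return {"share": share, "count": len(q),
                "top_ext": top_ext, "top_ext_count": top_count}


def run_sample():
    """Constructed events: slow normal activity, then a rename burst on one share."""
    det, alerts = BurstDetector(), []
    for i in range(5):                  # one new file every 5 minutes: never alerts
        alerts.append(det.observe(i * 300, r"\\srv\docs", "NEW",
                                  rf"\\srv\docs\report{i}.docx"))
    for i in range(25):                 # 25 renames in 25 seconds
        src = rf"\\srv\docs\file{i}.xlsx"
        alerts.append(det.observe(2000 + i, r"\\srv\docs", "RENAME",
                                  src, src + ".locked"))
    return [a for a in alerts if a]
```

The returned alert is what a caller would hand to a follow-up script; an alert repeats for every event while the share stays over the threshold, so the caller should de-duplicate before acting.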