Analysis of your IT infrastructure



Monitorpack






Detect ransomware and virus attacks

In a Microsoft environment, monitoring these elements closely with Monitorpack lets you detect the signs of a ransomware attack and react quickly to limit the damage.

Your alerts from the Guard console


Here is a non-exhaustive table of elements that help detect a ransomware attack. You can use some or all of them to raise alarms on abnormal behavior, which lets you stay alert and move forward in your investigations.

Information alerts

| Action | Script name | Description | How | What |

| # | Performance counters | Instance | Rule | Value |
| 1 | | | | |

| # | Windows processes | Process name | When | Condition |

| # | Windows services | Service name | When | Condition |
| 1 | Windows Defender Firewall | mpssvc | Stopped | True |
| 2 | Microsoft Defender Antivirus service | WinDefend | Stopped | True |
| 3 | Windows Backup | SDRSVC | Stopped | True |
| 4 | Microsoft Defender Basic Service | MDCoreSvc | Stopped | True |

| # | Windows Socket | Socket name | Port | Value |

| # | Windows shares | Share name | Share | Value |

| # | Windows printers | Printer name | Port | Status |

| # | Description | Source | Log Name | Event | Level |
| 1 | Connection Failure | Microsoft-Windows-Security-Auditing | Security | 4625 | FailureAudit |
| 2 | Account creation | Microsoft-Windows-Security-Auditing | Security | 4720 | SuccessAudit |
| 3 | Password change | Microsoft-Windows-Security-Auditing | Security | 4723 | SuccessAudit |
| 4 | Password reset | Microsoft-Windows-Security-Auditing | Security | 4724 | SuccessAudit |
| 5 | Windows service installation | Service Control Manager | System | 7045 | Information |
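
The service and event rules from the table above, written as a one-off PowerShell spot check on a single host (an added example, not Monitorpack's own code or configuration). It queries the live system; the 60-minute lookback and the variable names are assumptions, and reading the Security log needs an elevated session.

```powershell
# Added example, not Monitorpack code. Run from an elevated session:
# reading the Security log requires administrator rights.
param([int]$LookbackMinutes = 60)   # assumed review window, not from the page

# Services from the table; the page's rule is "alert when Stopped".
$services = 'mpssvc', 'WinDefend', 'SDRSVC', 'MDCoreSvc'

# Events from the table: log, provider, event ID, description.
$events = @(
    @{ Log = 'Security'; Provider = 'Microsoft-Windows-Security-Auditing'; Id = 4625; What = 'Connection failure' }
    @{ Log = 'Security'; Provider = 'Microsoft-Windows-Security-Auditing'; Id = 4720; What = 'Account creation' }
    @{ Log = 'Security'; Provider = 'Microsoft-Windows-Security-Auditing'; Id = 4723; What = 'Password change' }
    @{ Log = 'Security'; Provider = 'Microsoft-Windows-Security-Auditing'; Id = 4724; What = 'Password reset' }
    @{ Log = 'System'; Provider = 'Service Control Manager'; Id = 7045; What = 'Windows service installation' }
)

$alerts = New-Object System.Collections.Generic.List[object]

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }            # not installed on this Windows version
    if ($svc.Status -eq 'Stopped') {
        # StartType is reported because a manual-start service is also
        # Stopped whenever it is idle, which is not in itself suspicious.
        $alerts.Add([pscustomobject]@{
            Type = 'Service'; Item = $name; Count = 1; Latest = Get-Date
            Detail = "$($svc.DisplayName) stopped (StartType: $($svc.StartType))"
        })
    }
}

$since = (Get-Date).AddMinutes(-$LookbackMinutes)
foreach ($e in $events) {
    $filter = @{ LogName = $e.Log; ProviderName = $e.Provider; Id = $e.Id; StartTime = $since }
    # Get-WinEvent raises an error when nothing matches, so silence that case.
    $hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($hits.Count -gt 0) {
        $alerts.Add([pscustomobject]@{
            Type = 'Event'; Item = $e.Id; Count = $hits.Count
            Latest = $hits[0].TimeCreated   # results are returned newest first
            Detail = "$($e.What) ($($e.Log) log)"
        })
    }
}

$alerts | Sort-Object Latest -Descending | Format-Table Type, Item, Count, Latest, Detail -AutoSize
```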