Advice Request EventSentry

[cognat]

Has anyone try EventSentry solution to detect ransom ware?
Defeating Ransomware with EventSentry & Auditing – EventSentry Blog

 

[cognat]

No one?

 

[shmu26]

This proposed solution seems to be for servers, not for personal computers.
By the way, the article is more than a year old.
It is based on the well-known idea of tracking the number of file modifications. So that means even if it works, you will always lose a number of files until protection kicks in.

 

[cognat]

It not only for server but also for station. The idea it to detect the crypto beavior before it can spread on the network. Antivirus software try to detect crypto virus using the signature and I can tell you that it not effective, Our clients files are protected by backups so restoring the files it not an issue, the real issue it the time spend restoring or reinstalling infected client computers so if we can detect the crypto beaviors on a client computer and stop it from spreading on the network by locking down the station or even shuting it down this will reduce the time spend to restore the network state.

 

[Peter2150]

You might consider looking at Appguard. It will prevent the ransomware from ever running

 

[Handsome Recluse]

It also blocks other stuff, too.

 

[cognat]

That what I was reading about it, The probleme with that kind of software it that it prevent the users for using somme untrusted abblication but even Internet Explorer and Windows do that, the problem is that the user will ignore it and get infected any way or they will complain that they can't do what the wont on ther computer. Am not looking for a solution that will give me more work that I already have. So far the best solution I found is to try to detect the beaviors of a crypto. But am open to other solutions.