Anti-Ransomware Logging?


AndyPP

Logging is not mentioned.

Whilst I understand it is not 'managed' until version 3.0 release, I am interested in *any* local logging available.

Logfiles?  Windows events?

 

====

I have seen this file under - C:\ProgramData\MalwarebytesARW\MBAMService\ArwDetections\b7912936-71c1-11e6-92e9-0800275225d0.json

Are such files useful, if we polled this directory for content, for existence of files?

Note, this entry is from 3 Sept.

====

DD5C438A820AC6BBE4FDCE298F2C2F13319815C9F4ADBEAB22D67E88B385315A
{
   "clientID" : "",
   "clientType" : "other",
   "id" : "b7912936-71c1-11e6-92e9-0800275225d0",
   "sourceDetails" : {
      "detectionTime" : "09\/3\/2016:20:32:30.374",
      "type" : "arw"
   },
   "threats" : [
      {
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanResult" : "notStarted",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "",
            "objectPath" : "C:\\WINDOWS\\system32\\taskhostw.exe",
            "objectType" : "file",
            "suggestedAction" : {
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 0,
         "threatID" : 0,
         "threatName" : "Malware.Ransom.Agent.Generic"
      }

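The polling idea raised in the post above, as an added example (not part of the original thread and not Malwarebytes code): it reads each detection file once, skips files that do not parse yet, and flattens every threat into one event suitable for a log forwarder. It assumes every file looks like the single sample shown, a 64-hex-digit first line followed by one JSON document; the function names and the constructed sample are hypothetical.

```python
import json
import re
from datetime import datetime
from pathlib import Path

# Directory named in the post; the file layout is inferred from the one sample.
ARW_DIR = Path(r"C:\ProgramData\MalwarebytesARW\MBAMService\ArwDetections")
HEX_LINE = re.compile(r"^[0-9A-Fa-f]{64}$")
# Constructed sample in the same shape as the posted file (values are made up).
SAMPLE = "0" * 64 + "\n" + json.dumps({
    "id": "constructed-id",
    "sourceDetails": {"detectionTime": "09/3/2016:20:32:30.374", "type": "arw"},
    "threats": [{"threatName": "Malware.Ransom.Agent.Generic",
                 "mainTrace": {"objectPath": "C:\\sample\\a.exe",
                               "cleanAction": "quarantine",
                               "cleanResult": "notStarted"}}]})


def parse_detection(text):
    """Parse one detection file: optional 64-hex-digit first line, then JSON."""
    first, _, rest = text.lstrip().partition("\n")
    body = rest if HEX_LINE.match(first.strip()) else text
    doc = json.loads(body)  # ValueError on a truncated or half-written file
    when = datetime.strptime(doc["sourceDetails"]["detectionTime"],
                             "%m/%d/%Y:%H:%M:%S.%f")
    events = []
    for threat in doc.get("threats", []):
        trace = threat.get("mainTrace", {})
        events.append({"id": doc.get("id"), "time": when.isoformat(),
                       "threat": threat.get("threatName"),
                       "path": trace.get("objectPath"),
                       "action": trace.get("cleanAction"),
                       "result": trace.get("cleanResult")})
    return events


def poll(directory, seen):
    """Return events from *.json files not yet in `seen` (a set of file names)."""
    new_events = []
    for path in sorted(Path(directory).glob("*.json")):
        if path.name in seen:
            continue
        try:
            text = path.read_text(encoding="utf-8-sig")
            new_events.extend(parse_detection(text))
        except (OSError, ValueError, KeyError):
            continue  # unreadable or incomplete: leave unseen, retry next poll
        seen.add(path.name)
    return new_events


if __name__ == "__main__":
    print(parse_detection(SAMPLE))
```

Call `poll(ARW_DIR, seen)` on a timer with a persistent `seen` set to pick up only new detections.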

Eventually when anti-ransomware is fully integrated with the management console we plan to support additional logging and centralized reporting features.

This forum is about on-going beta questions, so for questions on the business version it would be best to contact our Enterprise Support team directly.  They would be better able to help answer questions for your specific situation.  :)
