Commit

Update rules/integrations/endpoint/impact_elastic_ransomware_prevente…
…d.toml

Co-authored-by: Terrance DeJesus <[email protected]>
Samirbous and terrancedejesus authored Dec 18, 2024
1 parent 72443d4 commit 0382942
Showing 1 changed file with 0 additions and 1 deletion.
Expand Up @@ -30,7 +30,6 @@ Ransomware protection adds a dedicated layer of detection and prevention against
Generally, our ransomware protection is tuned to have extremely low false positives rates. We understand how alarming and disruptive ransomware false positives can be which has factored into its design goals. More likely than not, if this protection fires, it is a true positive. However, certain categories of software do behave similarly to ransomware from the perspective of this protection. That includes installers and backup software, which can make a large number of modifications to documents (especially during a restore operation). Further, encryption or system utilities which modify the system’s MBR may also trigger our MBR protection.
### Possible investigation steps
- The `Ransomware.files` field provides details about files modification (paths, entropy, extension and file headers).
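Review bot: The unchanged context in this hunk has two wording slips worth fixing while the note text is being edited: "extremely low false positives rates" should read "false positive rates", and the first bullet under "Possible investigation steps" says "details about files modification" where "file modifications" is meant. Separately, the commit message only names the file; the hunk header shows one line dropped from this section (7 lines before, 6 after), so a sentence stating which line was removed and why would make the change reviewable from the log alone.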