From 038294292cc34278d7291b23cf5daee3832f3457 Mon Sep 17 00:00:00 2001 From: Samirbous <64742097+Samirbous@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:29:58 +0000 Subject: [PATCH] Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> --- .../endpoint/impact_elastic_ransomware_prevented.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml b/rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml index c9bb898780f..9e31d91d1b5 100644 --- a/rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml +++ b/rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml @@ -30,7 +30,6 @@ Ransomware protection adds a dedicated layer of detection and prevention against Generally, our ransomware protection is tuned to have extremely low false positives rates. We understand how alarming and disruptive ransomware false positives can be which has factored into its design goals. More likely than not, if this protection fires, it is a true positive. However, certain categories of software do behave similarly to ransomware from the perspective of this protection. That includes installers and backup software, which can make a large number of modifications to documents (especially during a restore operation). Further, encryption or system utilities which modify the system’s MBR may also trigger our MBR protection. - ### Possible investigation steps - The `Ransomware.files` field provides details about files modification (paths, entropy, extension and file headers).
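Review bot: The flattened hunk does not make clear which single line is deleted, and it matters: if the removed line is the blank separator before `### Possible investigation steps`, this is whitespace-only and harmless (an ATX heading renders without a preceding blank line), but if the removed line is the heading itself, the `- The `Ransomware.files` field provides details about files modification ...` bullet is left hanging under the false-positives paragraph with no section title; please confirm in the rendered note that the investigation-steps heading survives. Two smaller points in the same hunk: the unchanged context still reads "extremely low false positives rates" (should be "false positive rates") and could be fixed while this file is open, and the commit subject "Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml" is the GitHub suggestion default and says nothing about the change; a subject such as "Remove stray blank line from ransomware prevented note" would make the history searchable.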