Trap can be investigate or forensic anti-spyware or mallicious exploit registry

Reply
L3 Networker

Trap can be investigate or forensic anti-spyware or mallicious exploit registry

Hi all, I would like to know Trap can be investigated or forensic anti-spyware or malicious exploit via registry? because I have an issue with a client which it seems was a delete with malware which client can't delete yourself

Highlighted
L2 Linker

Re: Trap can be investigate or forensic anti-spyware or mallicious exploit registry

Hi,

 

I'm not sure if I undertood very well, but you want to know if Traps can perform a forensic analysis, if is yes, Traps client take the events and send it to ESM, but you can create a rule on ESM  to collect forensic or files from the client.

 

If the issue (registry deleted) was perform when traps was enabled, you need to check your policies, first 'cause traps has the option to protect the services against malware or malintentioned actions, then second if that happend you don't have configured traps correctly.

 

Check Policies>Forensics, on ESM console.

 

The best regards,

wtobar

L3 Networker

Re: Trap can be investigate or forensic anti-spyware or mallicious exploit registry

@wtobarThanks for the suggestions for me, I'll try using the following information

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!