Adding interesting_files.xml

Open mgreen27 opened this issue 3 years ago • 0 comments

Add collection of interesting files in FileDelete event type to use with a management configuration.

I have specifically targeted executables and added an example of exclusion. As I noticed a lot of configs were using contains, I have also split out individual TargetFilename filters using 'end with' for better performance.

mgreen27, Aug 02 '22 23:08
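The filter layout the issue describes, sketched as an added example: this is not the interesting_files.xml from the issue or any file from sysmon-modular. The extension list and the excluded `ExampleUpdater` image path are assumptions chosen for illustration.

```xml
<Sysmon schemaversion="4.30">
  <EventFiltering>
    <!-- Include: record deletions of executable content.
         "end with" takes a single value, so each extension is its own
         TargetFilename filter. Extension list is assumed for this example. -->
    <RuleGroup name="" groupRelation="or">
      <FileDelete onmatch="include">
        <!-- The broader form, condition="contains" with value .exe, matches
             anywhere in the path (for example app.exe.config), so it also
             captures files that are not executables. -->
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.sys</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
        <TargetFilename condition="end with">.bat</TargetFilename>
      </FileDelete>
    </RuleGroup>
    <!-- Exclude: an exclude match takes precedence over the include rules
         above. The image path is hypothetical; replace it with a vetted,
         fully qualified path from your own environment. -->
    <RuleGroup name="" groupRelation="or">
      <FileDelete onmatch="exclude">
        <Image condition="is">C:\Program Files\ExampleUpdater\updater.exe</Image>
      </FileDelete>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Keep exclusions on a full `Image` path with `is` rather than a partial match, so a renamed or relocated binary does not inherit the exclusion.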