Active Directory

File Extensions by Category


Details

This report combines file extensions into categories. The report uses the srs.current_fs_scandata database view, which limits the scope to current scans only. The scope is further limited by the sd.fullpath LIKE portion of the SQL WHERE clause. If you remove it, the report will run across all current scan_data.

This recipe comes in two versions, a Detailed version and a Summary version.

You will need to modify the path on line 32 of the desired query.

Content Hash Duplicate File Report


Summary

This report uses the newly added file content hash feature of version 4.0. The 4.0 scan policy definition adds an option to generate file content hashes for All Files or Files uploaded since the last scan. This option prompts the AgentFS to generate a SHA256 hash of the file content and store the hash in the database, where it can be compared against other files that match in content.

Details

Line 10 contains the paths to be reported against. Modify these paths as appropriate for your environment.

Current NTFS ACES Without Inheritance


Summary

When using the srs.current_ntfs_aces view, how can I report on the ACEs without inheritance?

Explanation

The srs.current_ntfs_aces view includes a field called ace_flags, which is a bit mask. If the ace_flags value ANDed with the decimal value 16 is equal to 16, then the ACE is inherited. By testing that bit we can therefore filter out the inherited ACEs.

Find Files Renamed By The Crypto or Wanna Cry Ransomware Viruses

Find Files Renamed By The Crypto or Wanna Cry Ransomeware Viruses


Summary

Over the past few years, computer systems everywhere have been dealing with ransomware viruses. Crypto, Wanna Cry, and others have hit networks all over the world. How can I find these infected files so I can restore them from backup?
