```powershell
# Ransomware Canary
# Kenton
# December 28, 2018
#
# Creates an FSRM file screen that watches a folder for any file changes and
# immediately shuts down the server if any are detected, to slow down ransomware attacks

$CanaryPath = "C:\Users\Administrator\Desktop\Acounting" # Path to monitor, deliberately misspelled
$AnyGroup = "Any" # Name of FSRM file group to catch all files
$ShutdownCmd = "C:\Windows\System32\shutdown.exe" # Location of shutdown command
$ShutdownParameters = "/s /f /t 0" # /s = shut down; /f = force close applications; /t 0 = no delay (the default is 30 seconds)

# Install File Server Resource Manager (FSRM)
Add-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# Define file group to catch all possible names, since any changes in this folder should be disallowed
New-FsrmFileGroup -Name $AnyGroup -IncludePattern @("*")

# Define action to shut down computer; runs as LocalSystem
$ShutdownAction = New-FsrmAction -Type Command -Command $ShutdownCmd -CommandParameters $ShutdownParameters -SecurityLevel LocalSystem

# Define file screen; -Active blocks the write as well as firing the notification
New-FsrmFileScreen -Path $CanaryPath -IncludeGroup $AnyGroup -Notification $ShutdownAction -Active
```
```
New-FsrmFileScreen : 0x8004530d, The specified property is out of range.
At C:\Users\Administrator\Desktop\add-ransomware-canary.ps1:23 char:1
+ New-FsrmFileScreen -Path $CanaryPath -IncludeGroup $AnyGroup -Notific ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_FSRMFileScreen:Root/Microsoft/..._FSRMFileScreen) [New-FsrmFileScree
n], CimException
+ FullyQualifiedErrorId : HRESULT 0x8004530d,New-FsrmFileScreen
```