Cryptolocker / ransomware
Hello there, I'm a very happer user of your product, I generally do not use it for anything else but trying to catch a cryptolocker / ransomware in the act.
I believe I have configured it so it works very well,
my biggest "issue" is that because I have the software looking at so many servers / pc's it takes forever to edit each job, Could it be possible if that you create a template, let's say a group. a group called "ransomware" and then inside the job under Main -> Filters instead of typing in each Include patterns that I have typed in each one of them, there could be a dropdown menu so I can pick the group "ransomware" i have created, like a global filter. it would make things so much easier for me, because we have 100 + pcs and 50 + servers. I have 2 jobs for each server / pc, so you do the math. so a global filter would be highly appreciated :)
-
This ties in with the central configuration idea here: https://deventerprise.uservoice.com/forums/198724-general/suggestions/9962124-ability-to-manage-multiple-installs-in-one-locatio
This is certainly something we are looking at for an upcoming release. Network access to various machines internally or even over the internet is tricky given the typical installation environments of Directory Monitor and requires additional diligence around security which is the current challenge we face.
Global filters (or rather default filters) exist and can be applied from File -> Options -> Main. These will be added y default to new configuration and you can optionally apply them to existing configurations when you make changes to the defaults.