
Process monitoring via NtCreateUserProcess hook and Event Log subscription callback (file path, command line, SHA256)

Systray balloons will promptly alert the user when registry startup entries change, processes crash, rundll32 calls Winsock/WSAStartup, and when Excel loads XLL files. All events are transmitted to DeepTide's server for threat hunt analysis.

You can pause the blocking options temporarily if needed. It will also block rundll32.exe from using Winsock or calling WSAStartup, and blocks Excel from loading. ArcticMyst Security provides an open source endpoint detection and response (EDR) option as an additional layer of protection for your machine. ArcticMyst Security will monitor process events, registry startup changes, registry pending delete operations, and crashing processes.
