General settings
In this section, the user can switch the analysis of file entropy and magic numbers on or off. The file entropy and magic numbers check is a feature that additionally verifies whether a file is encrypted. The entropy check takes a file's header and evaluates whether it looks random; if it does, the file is considered encrypted (see Header Entropy Analysis Tests for more information). The magic numbers check analyzes a file's signature: if the file contains a known signature, it is a regular file of a recognized type and is not considered encrypted.
The file entropy and magic numbers check is used in two places: in the incidents feature (to verify whether files are encrypted) and in the threshold strategy (to minimize false-positive triggers).
If the user enables the Check file entropy on anomaly detection option, the GuardMode Agent checks file entropy and magic numbers. If the user disables it, file entropy and magic numbers are not checked.
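As an added illustration (not GuardMode's own code), the following Python sketch shows how a header-entropy check and a magic-number check can be combined into a single "is this file encrypted?" decision of the kind described above. The signature table, the 256-byte header length and the 7.0 bits/byte threshold are assumed values chosen for the example, not taken from the product.

```python
import math
from collections import Counter

# Assumed, illustrative subset of well-known file signatures (magic numbers).
# A real agent would carry a far larger table.
MAGIC_NUMBERS = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\x7fELF": "elf",
}

HEADER_SIZE = 256         # assumed: number of leading bytes analysed
ENTROPY_THRESHOLD = 7.0   # assumed: bits/byte above which a header "looks random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def magic_type(header: bytes):
    """Return the name of the first matching signature, or None if unknown."""
    for signature, name in MAGIC_NUMBERS.items():
        if header.startswith(signature):
            return name
    return None


def looks_encrypted(header: bytes) -> bool:
    """A known signature means a regular file; otherwise a high-entropy
    header is treated as encrypted. Only the first HEADER_SIZE bytes count."""
    header = header[:HEADER_SIZE]
    if magic_type(header) is not None:
        return False
    return shannon_entropy(header) > ENTROPY_THRESHOLD


if __name__ == "__main__":
    # Constructed sample headers: a PNG prefix padded with zeros, a plain-text
    # header, and bytes(range(256)) standing in for a ciphertext header.
    png_like = b"\x89PNG\r\n\x1a\n" + b"\x00" * 248
    text_like = b"hello world " * 21
    cipher_like = bytes(range(256))
    for name, hdr in [("png", png_like), ("text", text_like), ("cipher", cipher_like)]:
        print(f"{name:7s} entropy={shannon_entropy(hdr):.2f} encrypted={looks_encrypted(hdr)}")
```

Note that the entropy check only inspects the byte distribution of the header, so highly compressed data with no known signature can also score above the threshold; this is why the page pairs it with the magic-number check and uses it to suppress, rather than raise, threshold triggers.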