Honeypot and Decoy Files

The Catalogic GuardMode has the Honeypot feature, which creates decoy files in a designated folder. These files are intentionally vulnerable to malware, so the Catalogic GuardMode Agent can detect suspicious activities before the malware spreads.

You can set up specific directories as honeypots. These directories contain files with known extensions and checksums that, if modified, indicate a high likelihood of malicious activity.

Adding a new honeypot

To add a new honeypot, add the path of the folder you'd like to be treated as Honeypot and press Save. The new honeypot location should be deployed seconds later.

The format of the path depends on your OS.

For Windows:

C:\path\to\honeypot

For Linux:

/path/to/honeypot

Attention! The directory you want to add as a honeypot has to be created on your machine before adding it to the DPX Dashboard.

Tip. When creating honeypot directories, using prefixes like 'AA' or 'ZZ' can be beneficial as some ransomware scans file systems alphabetically or in reverse order.

PreviousAdding malware detection rules NextWrite Operations Threshold

Last updated 10 months ago