GuardMode 2024.3
  • Welcome to GuardMode!
  • Intro
  • Installation
    • System requirements
    • Installing GuardMode Agent on Windows
      • Updating GuardMode Agent on Windows
    • Installing GuardMode Agent on Linux
      • Using Containerized GuardMode Agent
    • Uninstalling GuardMode Agent on Windows
    • Uninstalling GuardMode Agent on Linux
    • Configuring GuardMode Agent for SAMBA setup
    • Uninstalling GuardMode Agent on SAMBA setup
  • Agent Configuration
    • General Settings
    • Excluded Paths Configuration
    • Adding malware detection rules
      • Honeypot and Decoy Files
      • Write Operations Threshold
      • Detecting File Renaming with Abnormal File Extensions
      • Special Files Monitoring
    • Security Incident Detection
    • SMB Monitoring (Linux Only)
    • Event Reports
      • Configuring Event Reports
      • Excluding Paths From Event Reports
      • Tagging Agent
    • NFS Share Monitoring
    • Altering Audit Rules
    • Blocklist Management
      • Configuring DPX for Automatic Blocklist Updates
    • Using TLS
    • Configuring YARA-X
  • Using GuardMode Agent Command Line
  • REST API Documentation
  • On-demand Scanning
  • Logging
  • FAQ
  • Technical Support
Powered by GitBook
On this page
  1. Agent Configuration

Adding malware detection rules

GuardMode provides you with many customizable methods of detecting ransomware on your device:

  • Honeypot and decoy files

  • Write operations threshold

  • Detecting file renaming with abnormal file extensions

To modify any of the options select the Nodes tab from the DPX Dashboard, click your GuardMode Agent Node, and select the Security tab:

PreviousExcluded Paths ConfigurationNextHoneypot and Decoy Files

Last updated 5 months ago