Honeypot and Decoy Files

The Catalogic GuardMode has the Honeypot feature, which creates decoy files in a designated folder. These files are intentionally vulnerable to malware, so the Catalogic GuardMode Agent can detect suspicious activities before the malware spreads.

You can set up specific directories as honeypots. These directories contain files with known extensions and checksums that, if modified, indicate a high likelihood of malicious activity.

Adding a New Honeypot

To add a new honeypot, add the path to the folder you want to be treated as Honeypot and click Save. The new honeypot location will be deployed seconds later.

The format of the path depends on your OS.

For Windows:

C:\path\to\honeypot

For Linux:

/path/to/honeypot

Attention! The directory you want to add as a honeypot must be an existing directory on your machine.

Tip. When creating honeypot directories, using prefixes like 'AA' or 'ZZ' can be beneficial as some ransomware scan file systems alphabetically or in reverse order.

PreviousAdding malware detection rules NextWrite Operations Threshold

Last updated 26 days ago