GuardMode 2024.3
  • Welcome to GuardMode!
  • Intro
  • Installation
    • System requirements
    • Installing GuardMode Agent on Windows
      • Updating GuardMode Agent on Windows
    • Installing GuardMode Agent on Linux
      • Using Containerized GuardMode Agent
    • Uninstalling GuardMode Agent on Windows
    • Uninstalling GuardMode Agent on Linux
    • Configuring GuardMode Agent for SAMBA setup
    • Uninstalling GuardMode Agent on SAMBA setup
  • Agent Configuration
    • General Settings
    • Excluded Paths Configuration
    • Adding malware detection rules
      • Honeypot and Decoy Files
      • Write Operations Threshold
      • Detecting File Renaming with Abnormal File Extensions
      • Special Files Monitoring
    • Security Incident Detection
    • SMB Monitoring (Linux Only)
    • Event Reports
      • Configuring Event Reports
      • Excluding Paths From Event Reports
      • Tagging Agent
    • NFS Share Monitoring
    • Altering Audit Rules
    • Blocklist Management
      • Configuring DPX for Automatic Blocklist Updates
    • Using TLS
    • Configuring YARA-X
  • Using GuardMode Agent Command Line
  • REST API Documentation
  • On-demand Scanning
  • Logging
  • FAQ
  • Technical Support
Powered by GitBook
On this page
  1. Agent Configuration

General Settings

PreviousAgent ConfigurationNextExcluded Paths Configuration

Last updated 3 months ago

In the General Settings section, you can toggle the analysis of file entropy and magic numbers, a critical feature for determining file encryption. The entropy analysis inspects the file header for randomness, indicative of encryption. Magic numbers analysis assesses the file signature to identify standard file extensions, indicating unencrypted files.

The file entropy and magic numbers analysis are crucial in verifying file encryption in the incidents feature and minimizing false positives in the threshold strategy. Activating the Check file entropy on anomaly detection option in GuardMode Agent initiates the analysis.