I need a solution
People,
Two common areas where ransomware typically executes from are the %APPDATA% folder and the %TEMP% folder on the system.
Looking for any file executing from these locations is a good way to spot ransomware before it has actually had a chance to encrypt files.
Does the SEP client have some rules to monitor for file executions from these folders, as well as to look for file executions from the location and the creation of the files in the above directory?
Thanks in advance.
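The check described in the post, as an added example that is not part of the original post and not a SEP rule or feature: a triage pass over process-creation and file-creation records that flags executions from, and executable files dropped into, %APPDATA% and %TEMP%. The record layout (`event` and `path` keys), the extension list and the sample events are constructed assumptions.

```python
import ntpath
import re

# Watched locations, matched on normalized lower-cased paths. TEMP rules come
# first because the default per-user %TEMP% sits under AppData\Local.
WATCHED = [
    ("TEMP", re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\")),
    ("TEMP", re.compile(r"^[a-z]:\\windows\\temp\\")),
    ("APPDATA", re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local|locallow)\\")),
]
# Assumed list of extensions worth flagging when a file is only created.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def normalize(path):
    """Strip quotes, unify separators, collapse '..' segments, lower-case."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def classify(path):
    """Return 'TEMP', 'APPDATA' or None for a Windows path."""
    norm = normalize(path)
    for zone, rx in WATCHED:
        if rx.match(norm):
            return zone
    return None

def triage(events):
    """Flag every execution from a watched folder, and file creations there
    only when the new file has an executable extension."""
    hits = []
    for ev in events:
        zone = classify(ev["path"])
        if zone is None:
            continue
        ext = ntpath.splitext(normalize(ev["path"]))[1]
        if ev["event"] == "process_create" or ext in EXEC_EXT:
            hits.append((ev["event"], zone, ev["path"]))
    return hits

# Constructed sample records (hypothetical layout, not a SEP or Windows log format).
SAMPLE_EVENTS = [
    {"event": "process_create", "path": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"event": "process_create", "path": r"C:\Program Files\Vendor\app.exe"},
    {"event": "process_create", "path": "C:/Users/alice/AppData/Local/Temp/7zS1A\\setup.exe"},
    {"event": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\report.docx"},
    {"event": "file_create", "path": r"C:\Windows\Temp\..\Temp\drop.SCR"},
    # Per-user installs also run from AppData\Local, so expect benign hits like this one.
    {"event": "process_create", "path": r'"C:\Users\bob\AppData\Local\Programs\Tool\tool.exe"'},
]

if __name__ == "__main__":
    for kind, zone, path in triage(SAMPLE_EVENTS):
        print(f"{zone:8} {kind:15} {path}")
```

The last sample record shows why hits from this check need an allow list or a reputation lookup before they are treated as alerts.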