Enabling Windows Autoruns & Process Analysis

The AutoRun Policy collects autorun and process information from client devices by leveraging WinRM (Windows Remote Management).

To define an autorun policy, go to "Rules & Policies" -> "Policy Management" -> "Policy Rules" and click the "+Policy" button.

On the policy definition screen, set the values for the policy you are defining: Name, Description, Severity, and Enable status.

In the additional settings, you can select a notification action to take if something unusual is detected. You can also enable or disable the CloudCyte cloud-based intelligence check by using "Enable Investigation Mode."

The system also queries VirusTotal for the files it finds. You can enable this from the "Virus Total Integration" section.
