Ransomware Canaries - Ability to put deploy canaries to network drives/custom locations
J
Jeff Roback
I like the concept of watching for this on network drives. My concern with this approach would be if you have all the agents creating an monitoring canaries on a network share, you could end up creating a significant volume of network and file server traffic if everyone's pounding on the same files. This could be especially problematic for remote/vpn users who already suffer from SMB related latency issues.
Perhaps a better way to accomplish this would be to have the ability to specify multiple locations from a single agent? I'm thinking on the file server agent, you'd specify one canary location for each network share. That way the canaries are only being monitored by 1 device, but you're accomplishing the same result.
G
Gino Faraci
I made a new post regarding this topic so it doesnt get stale. I also made sure that it is tagged properly as a feature request and not just "Feedback." I set the severity to critical. Please upvote: https://feedback.huntress.com/ransomware-canaries/p/ransomware-canaries-on-all-system-drives
G
Gino Faraci
This needs to be implemented ASAP. One of our clients were ransomed and the data drives/network shares were attacked first. This is a huge blindspot and im baffled it hasnt been implemented already. I think instead of adding to all network shares, we just need to add to all drives on each system.. That would suffice for both circumstances i think.
B
Brian White
Is this still a requested feature because I think this would be helpful. We are installing huntress on servers and we want to know if ransomware attacks a file share. Being able to deploy this there is critical to help stopping a ransomware attack against the server itself.
D
Darren Djernes
being able to deploy canaries to additional locations like a network share all users have would be great
J
Jonathan Pilkington
I feel like this is a good example of why this is needed. I have heard of ransomware that will go after network shares first. In that, case the ransomware canaries would not be effective. I feel like it should be a per agent setting and you can specify folders you want to put random canaries that way you only have to have one agent check. To be clear Huntress did prevent major damage in the situation below but might have prevented more damage and caught it sooner if the canaries had been on the file share.
Full conversation here for context: https://www.reddit.com/r/msp/comments/16xfmou/bitdefender_mdr/k32q8fp/?context=3
J
Julienne'la Harvey'la
Please implement this!
My company just ran through a simulated ransomware scenario where the 'infected' computer had a mapped drive on our file server and encrypted that mapped drive but nothing else. The canaries on the system drive of the fileserver do no good there. We need them on our data shares!
A
Andy Sauer
This would be lovely!
b
bill jerrett
If implementing adding to network shares, instead of specifying paths, maybe just a toggle switch? If enabled, agent scans local computer (which is sharing out its files and is presumably some type of server) for its list of shared folders and deploys canaries to each.
T
Tarsha'la O'Keefe'la
Keeping this going. The ability to have canaries on shared network drives would be great. Configuring it on the file server agent would make sense. Monitoring a NAS would understandably carry some caveats.
J
Josh Lambert
Merged in a post:
Huntress for Synology NAS
J
Jason Farris
Would especially like to have canary files on network storage.
Load More
→