Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: linMcHlp
The hack tries to hide its tracks, and then force a reboot of the Windows OS based machine.

If the affected Windows machine has event logging enabled and those logs are sent elsewhere, clearing the log and rebooting the machine does no good.

I can tell you factually that every single one of our Windows Desktops and Servers sends their logfiles to a secure event logging solution where those logfiles cannot be manipulated or deleted.

It doesn't take much to then filter through the events to see what's happened/happening with any of our Windows (and Linux) servers, of which there are about 16,000 total.

40 posted on 12/14/2020 7:17:15 AM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
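
An added example, not part of the post above: one way to filter centrally collected events for a log clear followed shortly by a reboot on the same host, the pattern the post describes. The event tuple layout, the hostnames, the sample data and the 10-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Windows event IDs: 1102 = Security audit log cleared, 104 = a log such as
# System was cleared, 1074 = shutdown/restart initiated, 6005 = Event Log
# service started (logged at boot).
CLEAR_IDS = {1102, 104}
REBOOT_IDS = {1074, 6005}

# Constructed sample of forwarded events: (host, ISO timestamp, event id).
SAMPLE = [
    ("WS-0142", "2020-12-14T03:10:05", 4624),   # ordinary logon
    ("WS-0142", "2020-12-14T03:12:40", 1102),   # Security log cleared
    ("WS-0142", "2020-12-14T03:13:02", 1074),   # restart 22 seconds later
    ("WS-0142", "2020-12-14T03:14:30", 6005),
    ("SRV-0007", "2020-12-14T02:00:00", 1074),  # routine reboot, no clear
    ("SRV-0007", "2020-12-14T02:03:10", 6005),
    ("SRV-0311", "2020-12-14T01:00:00", 104),   # clear, reboot hours later
    ("SRV-0311", "2020-12-14T09:30:00", 1074),
]

def clear_then_reboot(events, window=timedelta(minutes=10)):
    """Return (host, cleared_at, rebooted_at) for each log clear that is
    followed by a reboot event on the same host within `window`."""
    findings = []
    last_clear = {}  # host -> time of the most recent unmatched log clear
    # ISO timestamps sort correctly as strings, so order by host then time.
    for host, ts, eid in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if eid in CLEAR_IDS:
            last_clear[host] = when
        elif eid in REBOOT_IDS and host in last_clear:
            cleared = last_clear.pop(host)
            if when - cleared <= window:
                findings.append((host, cleared.isoformat(), when.isoformat()))
    return findings

if __name__ == "__main__":
    for host, cleared, rebooted in clear_then_reboot(SAMPLE):
        print(f"{host}: log cleared {cleared}, reboot {rebooted}")
```

Because the events are read from the collector rather than from the machine itself, the clear event is still there to be matched after the local log has been wiped.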


To: usconservative

The FireEye article - my reply 41 - will interest.


43 posted on 12/14/2020 7:23:23 AM PST by linMcHlp
