Severity:ERROR AND Channel:Security AND Category:File System
Configuration
query
```
Severity:ERROR AND Channel:Security AND Category:File System NOT ProcessName:C:\\Program Files (x86)\\Sophos\\Sophos Anti-Virus\\SavService.exe NOT ProcessName:C:\Windows\System32\lsass.exe AND NOT AccessMask:0x10* AND NOT AccessMask:0x12* AND NOT AccessMask:0xc0080 AND NOT AccessMask:0x80* AND NOT AccessMask:0x16* AND NOT AccessMask:0x20*
```
config
| Key | Value |
| --- | --- |
| type | aggregation-v1 |
| query | `Severity:ERROR AND Channel:Security AND Category:File System NOT ProcessName:C:\\Program Files (x86)\\Sophos\\Sophos Anti-Virus\\SavService.exe NOT ProcessName:C:\Windows\System32\lsass.exe AND NOT AccessMask:0x10* AND NOT AccessMask:0x12* AND NOT AccessMask:0xc0080 AND NOT AccessMask:0x80* AND NOT AccessMask:0x16* AND NOT AccessMask:0x20*` |
| streams | [5f74fe0891d2ba1b645adb8d] |
| conditions | {expression:null} |
| search_within_ms | 3600000 |
| execute_every_ms | 3600000 |
Windows File Modification Monitoring
Ransomware activity detection.