Honey pot

  • 28 December 2018
  • 2 replies

Userlevel 1
Badge +5
Hello there,
Maybe for power users only but:
I select a few files (microsoft office for instance) and Webroot copy them around and I rename them wisely.
If they get modified,  Webroot rises an orange/red alert (especially if they get new macros). It might be my mistake, but it's worth a look!

2 replies

Userlevel 7
Badge +36
Interesting idea, it sounds like you are wanting to use Webroot to create your honey pot. We have not considered that and currently do not have any plans for implementation.
Userlevel 3
Badge +13
You are describing exactly how Cybereason Ransomfree works. When it was launched, that was it's only detection method. It would create files that were monitored by it. When a file is modified it would lock the opening process. This was designed to stop Ransomware. If something was encrypting all your files it could catch it and stop it before the whole drive is locked. They no longer offer this program for free and they now only sell their full solution which is a full EDR+NGAV solution.

It's not a bad idea, they built a whole software company out of that idea. I don't think it would be super difficult for Webroot to implement a feature like this. The only downside is that it makes strange files on your disk. When I first found the files I was concerned, so the user needs to be educated about these files before the software starts putting them in to critical folders that they want to monitor.