Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 11449 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto restart of AV services.

ZMagnum

As you may know there are many viruses out there that attempt to shut down the AV service in the backgroud without user knowledge.  I have figured out a way using our LEM (Solarwinds Log and Event Manager) to restart any AV service as soon as it's shut down.  I've been running it for a while with Sophos AV and another AV without any issues.  It looks for "Service Stop" events.

If you have the LEM or similar and are interested let me know.

Mark.

:56480


This thread was automatically locked due to age.
Parents
  • 0

    Yes, I did think about that but restarting has not been an issue.  The LEM responds to shutdown logs and then restarts but during an update there's nothing to restart until it's finished updating. 

    Malware could target the system that restarts it but how would it know about that?  I had to write my own rule that does this and no one would know about it.

    :56553
Reply
  • 0

    Yes, I did think about that but restarting has not been an issue.  The LEM responds to shutdown logs and then restarts but during an update there's nothing to restart until it's finished updating. 

    Malware could target the system that restarts it but how would it know about that?  I had to write my own rule that does this and no one would know about it.

    :56553
Children
No Data