3 Replies Latest reply on Oct 14, 2017 1:17 AM by Troja

    Is it possible to scan PCs (endpoints) for a specific file?

    SergeM

      Hi everyone

       

      We are getting report about a targeted attack and would like to be able to look for a specific file on all our PCs.

      We'd like to be able to look for a file with a specific name and extension, we also know the path and have a hash number for the file. 

       

      E.g. we suspect that file  FILENAME.EXE, when it is in  C:\ProgramData\Microsoft\  is an attack.

       

      Using VSE User Defined Unwanted Programs we can specify a file name, but not the path or hash value.

       

      Does anyone know of a way to automatically search for a specific file in a specific directory on +1000 machines?

      If one can also specify a hash it is even better.  (Bonus points? )

       

      Would it be possible to do this with Host IPS?

       

      Thanks for answers

        Serge