3 Replies Latest reply on Oct 14, 2017 1:17 AM by Troja

    Is it possible to scan PCs (endpoints) for a specific file?


      Hi everyone


      We are getting report about a targeted attack and would like to be able to look for a specific file on all our PCs.

      We'd like to be able to look for a file with a specific name and extension, we also know the path and have a hash number for the file. 


      E.g. we suspect that file  FILENAME.EXE, when it is in  C:\ProgramData\Microsoft\  is an attack.


      Using VSE User Defined Unwanted Programs we can specify a file name, but not the path or hash value.


      Does anyone know of a way to automatically search for a specific file in a specific directory on +1000 machines?

      If one can also specify a hash it is even better.  (Bonus points? )


      Would it be possible to do this with Host IPS?


      Thanks for answers