FSRM / Filegroup limit?

  • Question

  • Hi community,

    I have problems with a ransomware-detection via FSRM. I have a filegroup which contains >500 files and filetypes. If one of these files or filetypes is recognized by FSRM it should create an event. Obviously the event is not created for all extensions. For example, if I create a file with extension .oshit the event is created. If I create a file with extension .infected no event is created. Both extensions are in the filegroup.

    Is there a limitation?

    Regards
    Miranda

    Monday, January 20, 2020 12:30 PM

All replies

  • Hi,

    As far as I know there is no limitation to how many filegroups or file types you can have.

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Monday, January 20, 2020 12:54 PM
  • Hey,

    Thank you for your response. It seems to be a bug... I just created a file named test.oshit and it has been reported to application-log with Event-ID 8215. A few seconds later I created test2.oshit and no further event has been created.

    Strange and unfortunately a showstopper for the ransomware-detection...

    Any ideas?
    Regards
    Miranda


    Monday, January 20, 2020 1:26 PM
  • I believe this is by design, otherwise it may flood the event log pretty badly.


    Blog: https://thesystemcenterblog.com

    Monday, January 20, 2020 2:21 PM
  • Hi Miranda,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 24, 2020 6:06 AM
  • The problem was the default limitation in FSRM -> Configure Options -> Notification Limits. There I had to set the limitation to "0" to get all findings in event-log...
    Friday, January 24, 2020 12:38 PM
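
The fix described in the reply above, done from PowerShell and then verified with the two test files from the thread. This is an added example, not part of the original posts; the folder `D:\Shares\Test` is a hypothetical path that must sit under the file screen using the ransomware file group.

```powershell
# Added example. Requires the FSRM role service and an elevated session.
Import-Module FileServerResourceManager

# Assumption: hypothetical folder covered by the ransomware file screen.
$ScreenedPath = 'D:\Shares\Test'

# 1. Show the current notification limits (values are in minutes).
#    A non-zero EventNotificationLimit suppresses repeat events for that long.
Get-FsrmSetting |
    Select-Object EventNotificationLimit, CommandNotificationLimit,
                  EmailNotificationLimit, ReportNotificationLimit |
    Format-List

# 2. Remove the throttle on event-log notifications so every match is logged.
Set-FsrmSetting -EventNotificationLimit 0

# 3. Verify: create two matching files a few seconds apart, as in the thread.
$start = Get-Date
foreach ($name in 'test.oshit', 'test2.oshit') {
    try {
        New-Item -Path (Join-Path $ScreenedPath $name) -ItemType File `
                 -Force -ErrorAction Stop | Out-Null
    } catch {
        # An active file screen blocks the write; the event is still expected.
        Write-Host "Write of $name was blocked: $($_.Exception.Message)"
    }
    Start-Sleep -Seconds 3
}

# 4. Count Event-ID 8215 entries written to the Application log since the test began.
Start-Sleep -Seconds 5
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 8215
    StartTime = $start
} -ErrorAction SilentlyContinue

$count = @($events).Count
if ($count -ge 2) {
    Write-Host "OK: $count events logged, notifications are no longer throttled."
} else {
    Write-Warning "Only $count event(s) logged; check the file screen and its event notification."
}
```

Email, command and report notifications have their own limits, so a file screen that also runs a command or sends mail on a match needs the corresponding `Set-FsrmSetting` parameter checked as well.
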
  • Hi,

    Thanks for your posting here and sharing. This will benefit all people accessing this forum.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Candy



    Monday, January 27, 2020 1:45 AM