Version: GuardMode 2023.2

Special Files Monitoring

Toggle off: Any modification to files in the protected path will be reported.
Toggle on: After modifying a file in the protected path, it will be checked for magic numbers and entropy. If anomalies are detected, an alert will be sent.

The Special Files Monitoring feature in Catalogic DPX GuardMode allows users to configure the GuardMode Agent to monitor specific locations on a file system. This feature is designed to detect and alert users if files in these locations are being encrypted or modified in a way that destroys their metadata or magic numbers.

Adding directories to Special Files Monitoring

Go to the section Special files monitoring of the Security tab.
Add the path you want to configure.
Toggle the switch to enable or disable alerts for unknown file types.
- Toggle off: Any modification to files in the protected path will be reported.
- Toggle on: After modifying a file in the protected path, it will be checked for magic numbers and entropy. If anomalies are detected, an alert will be sent.
Click Save.

Attention!

Ensure that the directories you add for monitoring are correctly specified and accessible by the GuardMode Agent to avoid false negatives.

Adding directories to Special Files Monitoring​

Adding directories to Special Files Monitoring