Raccine

#Operations Management#Endpoint Security

Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.

Visit Website

Raccine: A Simple Ransomware Protection Tool

Raccine is a straightforward ransomware protection tool that intercepts and terminates malicious processes that try to delete shadow copies using vssadmin.exe.

It uses YARA rules to enhance system security

It uses YARA rules to examine command line parameters for any signs of malicious activity. Additionally, it can be easily uninstalled without altering any system files.

However, it may disrupt some

However, it may disrupt some backup solutions and prevent legitimate use of vssadmin.exe. Raccine operates by registering a debugger for vssadmin.exe, gathering the parent process IDs, and terminating them if any malicious activity is detected.

It also logs the terminated processes

It also logs the terminated PIDs to the Windows Event log. Please be aware that using Raccine is at your own risk, and it may conflict with certain backup solutions.

Other AI Tools

Procmon for Linux

Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.

Details

Panther Detections

Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.

Details

PowerGRR

Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

Details

Palantir osquery Configuration

Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.

Details