Raccine

#Operations Management#Endpoint Security

Comprehensive endpoint protection solution providing advanced threat detection, proactive defense, and efficient management.

Visit Website

Raccine is a simple ransomware

Raccine is a simple ransomware protection that intercepts and kills malicious processes that attempt to delete shadow copies using vssadmin.exe

It uses YARA rules to

It uses YARA rules to scan command line parameters for malicious activity and can be easily uninstalled without leaving any system files modified

However, it may break some

However, it may break some backup solutions and block legitimate use of vssadmin.exe. Raccine works by registering a debugger for vssadmin.exe, collecting the parent process IDs, and killing them if malicious activity is detected

It also logs the killed

It also logs the killed PIDs to the Windows Eventlog. Please note that Raccine should be used at your own risk and may interfere with certain backup solutions.

Other AI Tools

Procmon for Linux

Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.

Details

Visit site

Panther Detections

Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.

Details

Visit site

PowerGRR

Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

Details

Visit site

Palantir osquery Configuration

Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.

Details

Visit site