Keep Group Policies Intact
Multiple policies to maintain IT security, such as software restriction and password policies, are configured in almost every organization. Any changes to such policies should be audited properly, with administrators being notified immediately for critical changes. LepideAuditor monitors every change in Group Policy Objects and sends real-time alerts when critical changes are detected. It also lets you restore the entire Group Policy Object with a few clicks to reverse unwanted changes.
Highlight Suspicious Changes
Some ransomware attacks (including the most recent WannaCry attack in May of 2017) encrypt critical files and alter the extension name with a new suffix. Once the extension name of a file is changed, it gets encrypted and hidden. LepideAuditor sends you real-time alerts for such suspicious changes – as emails to your inbox, updates to the Radar Tab, and push notifications to the LepideAuditor App installed on your Android or Apple device.
Spot Anomalous Change Activity
If a user is making numerous changes over a short space of time, red flags should be raised about the possibility of unauthorized activities. LepideAuditor sends you threshold alerts, as emails or push notifications, that inform you of multiple changes or suspicious user activities taking place over a specified period of time. In-depth audit reports enable you to view all the activities or changes being made by a user account.
Detect Sudden Permission Changes
Often, ransomware attacks attempt to change the permissions of a file in File Server or of a user in Active Directory. LepideAuditor audits the permissions of all server components to keep you aware of any sudden change in permissions. This enables you to take quicker action to review permissions and correct them if necessary.
Reverse Unwanted Changes
When your security solution has neutralized the ransomware attack, the next thing to deal with is the changes made to the configuration of the IT environment due to the infection. LepideAuditor continuously captures snapshots of the state of both Active Directory Objects and Group Policy Objects. Use the Lepide Object Restore Wizard to restore the state of these objects to a previously dated snapshot. With this method, you can reverse all unwanted changes within minutes.