[01-11-19 11:19:48.538] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetBasicPolicy is called, parameters: antiRansomewareEnabled=False, silentModeEnabled=False )
[01-11-19 11:19:48.553] [fbc:1] [Info] source: (AntiRansomware.Threading.EngineState) message: ( EngineState Stop is called )
[01-11-19 11:19:48.553] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=TotalModifiedFiles, DetectionMode=Note, parametersList1=100;, parametersList2=RankingRange[0-9:1,10-14:7,15-19:8,20-24:9,25-2147483647:10]; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set TotalModifiedFiles.MaxValueFromPolicy = 100 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set TotalModifiedFiles.RangeRanks = RankingRange[0-9:1,10-14:7,15-19:8,20-24:9,25-2147483647:10] )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=Ranking, DetectionMode=Note, parametersList1=30;, parametersList2=0.5; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set Ranking.MaxValueFromPolicy = 30 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=ModifiedSpecificFileType, DetectionMode=Note, parametersList1=8;, parametersList2=FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt];RankingRange[1-1:3,2-2:4,3-3:5,4-4:11,5-5:12,6-6:13,7-2147483647:14]; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedSpecificFileType.MaxValueFromPolicy = 8 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedSpecificFileType.Extenssions = FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt] )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedSpecificFileType.RangeRanks = RankingRange[1-1:3,2-2:4,3-3:5,4-4:11,5-5:12,6-6:13,7-2147483647:14] )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=ModifiedSpecificFolders, DetectionMode=Note, parametersList1=, parametersList2=RankingGroups[Desktop:13,Documents:13,Downloads:8,Pictures:8,Videos:8,Others:1]; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedSpecificFolders.RangeRanks = RankingGroups[Desktop:13,Documents:13,Downloads:8,Pictures:8,Videos:8,Others:1] )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=DummyPotFilesModified, DetectionMode=Note, parametersList1=3;, parametersList2=Music\00CpSystemFolderDonotRemove\mp4;Music\00CpSystemFolderDonotRemove\mp4;Music\00CpSystemFolderDonotRemove\avi;Documents\00CpSystemFolderDonotRemove\docx;Documents\00CpSystemFolderDonotRemove\doc;Documents\00CpSystemFolderDonotRemove\xlsx;Documents\00CpSystemFolderDonotRemove\xls;Documents\00CpSystemFolderDonotRemove\pptx;Documents\00CpSystemFolderDonotRemove\pdf;Documents\00CpSystemFolderDonotRemove\txt;Videos\00CpSystemFolderDonotRemove\wmv;Videos\00CpSystemFolderDonotRemove\wmv;Videos\00CpSystemFolderDonotRemove\mp4;Videos\00CpSystemFolderDonotRemove\avi;Pictures\00CpSystemFolderDonotRemove\jpg;Pictures\00CpSystemFolderDonotRemove\png;Pictures\00CpSystemFolderDonotRemove\gif; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set DummyPotFilesFiles.MaxValueFromPolicy = 3 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set DummyPotFilesFiles.Files = Music\00CpSystemFolderDonotRemove\mp4,Music\00CpSystemFolderDonotRemove\mp4,Music\00CpSystemFolderDonotRemove\avi,Documents\00CpSystemFolderDonotRemove\docx,Documents\00CpSystemFolderDonotRemove\doc,Documents\00CpSystemFolderDonotRemove\xlsx,Documents\00CpSystemFolderDonotRemove\xls,Documents\00CpSystemFolderDonotRemove\pptx,Documents\00CpSystemFolderDonotRemove\pdf,Documents\00CpSystemFolderDonotRemove\txt,Videos\00CpSystemFolderDonotRemove\wmv,Videos\00CpSystemFolderDonotRemove\wmv,Videos\00CpSystemFolderDonotRemove\mp4,Videos\00CpSystemFolderDonotRemove\avi,Pictures\00CpSystemFolderDonotRemove\jpg,Pictures\00CpSystemFolderDonotRemove\png,Pictures\00CpSystemFolderDonotRemove\gif )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=MBRDetection, DetectionMode=Block, parametersList1=, parametersList2= )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=ModifiedFilesPerMinute, DetectionMode=Silent, parametersList1=50;, parametersList2= )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedFilesPerMinute.MaxValueFromPolicy = 50 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=TotalModifiedFiles, DetectionMode=Silent, parametersList1=100;, parametersList2= )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set Silent TotalModifiedFiles.MaxValueFromPolicy = 100 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=ModifiedDifferentFileTypes, DetectionMode=Silent, parametersList1=10;, parametersList2= )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set ModifiedDifferentFileTypes.MaxValueFromPolicy = 10 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=ModifiedSpecificFileType, DetectionMode=Silent, parametersList1=8;, parametersList2=FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt]; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set Silent ModifiedSpecificFileType.MaxValueFromPolicy = 8 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set Silent ModifiedSpecificFileType.Extenssions = FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt] )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( SetDetection is called, parameters: TriggerType=Ranking, DetectionMode=Silent, parametersList1=30;, parametersList2=0.5; )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Set Silent Ranking.MaxValueFromPolicy = 30 )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (AntiRansomware.Interfaces.ISetARPolicy) message: ( Commit is called )
[01-11-19 11:19:48.569] [fbc:1] [Warn] source: (AntiRansomware.Policy.ARPolicy) message: ( PolicyChangedEvent was not initialized. Waiting for service to start )
[01-11-19 11:19:48.584] [fbc:1] [Info] source: (AntiRansomware.Helpers.ShellFolders) message: ( GetFolders for SID [S-1-1-1] - user [Public] )
[01-11-19 11:19:48.616] [fbc:1] [Info] source: (AntiRansomware.Helpers.ShellFolders) message: ( GetFolders for SID [S-1-5-21-2732810954-1700855356-1339776706-1000] - user [FPUNEREP7\Admin] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=1] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=3] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=4] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=6] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=8] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=8] )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Managers.ManageBackupActivities) message: ( ManageBackupActivities is initialize type AntiRansomware.Detections.DetectDummyPotFilesModified )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Managers.ManageBackupActivities) message: ( ManageBackupActivities is initialize type AntiRansomware.Detections.DetectMBR )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Managers.ManageBackupActivities) message: ( ManageBackupActivities is initialize type AntiRansomware.Detections.DetectModifiedSpecificFileType )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Managers.ManageBackupActivities) message: ( ManageBackupActivities is initialize type AntiRansomware.Detections.DetectModifiedSpecificFolders )
[01-11-19 11:19:48.647] [fbc:1] [Info] source: (AntiRansomware.Managers.ManageBackupActivities) message: ( ManageBackupActivities is initialize type AntiRansomware.Detections.DetectTotalModifiedFiles )
[01-11-19 11:19:48.663] [fbc:1] [Info] source: (AntiRansomware.Policy.ARPolicy) message: ( PolicyChangedEvent is call )
[01-11-19 11:19:48.678] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectDummyPotFilesModified) message: ( Delete all honeypots cause AR is disabled or in silent mode )
[01-11-19 11:19:48.678] [fbc:1] [Info] source: (AntiRansomware.DummyPot.DummyPotFilesManager) message: ( Start DeleteDummyPots on disk )
[01-11-19 11:19:48.678] [fbc:1] [Info] source: (AntiRansomware.DummyPot.DummyPotFilesManager) message: ( Deleted '0/0' dummy pots files on disk )
[01-11-19 11:19:48.694] [fbc:1] [Info] source: (AntiRansomware.DummyPot.DummyPotFilesManager) message: ( Deleted '0/0' dummy pots fileMetadata on disk )
[01-11-19 11:19:48.694] [fbc:1] [Info] source: (AntiRansomware.DummyPot.DummyPotFilesManager) message: ( Deleted '0/0' dummy pots directories on disk )
[01-11-19 11:19:48.694] [fbc:1] [Info] source: (AntiRansomware.DummyPot.DummyPotFilesManager) message: ( Deleted '0' rows in DB )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( Instance_PolicyChangedEvent is called, call to SetGroupFlders )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=1] )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=3] )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=4] )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=6] )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=8] )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (AntiRansomware.Detections.DetectModifiedSpecificFolders) message: ( SetFoldersDetails - Add [TotalPaths=8] )
[01-11-19 11:20:51.231] [fbc:22] [Error] source: (DataCollection.Entities.Tasks.TaskOnEvent) message: ( SuspiciousEventGeneration signaled to stop )
[01-11-19 11:20:51.231] [fbc:22] [Error] source: (DataCollection.Entities.Tasks.TaskOnEvent) message: ( EFRreportGeneration signaled to stop )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (AntiRansomware.Threading.EngineState) message: ( EngineState Stop is called )