Disable Show Hidden Files

Disable Show Hidden Files

Description

The following analytic is to identify a modification in the Windows registry to prevent users from seeing all the files with hidden attributes. This event or techniques are known on some worm and trojan spy malware that will drop hidden files on the infected machine.

   Help

Disable Show Hidden Files Help

To successfully implement this search you need to be ingesting information on process that include the name of the process responsible for the changes from your endpoints into the Endpoint datamodel in the Registry node. Also make sure that this registry was included in your config files ex. sysmon config to be monitored.

   Search

Open in Search