Yes, this only takes a few minutes to configure.
- Use the EventSentry console toolbar and click Tools > Embedded Scripts
- Make a new script and give it a name that ends with .bat, such as blockpetya.bat
- Select the new script and create its contents on the right. Paste this line:
if not exist "%systemroot%\perfc." echo > %systemroot%\perfc
- Click OK to close the Embedded Scripts menu, and click Home > Save in the toolbar
- Make a new System Health package and right-click it, choose Add > Application Scheduler
- Select Application Scheduler and then click the + button in its settings on the right
- Choose a schedule for how often you'd like to ensure the kill file exists (e.g. every 24 hours), choose the name of your Embedded Script in the filename drop-down, choose Local in the isolation mode drop-down at the bottom, and click OK
- Right-click your new System Health package again and either choose Global to run it on all of your agents, or choose Assign Package and select the groups/machines you'd like to run it on
- Click Home > Save in the toolbar, push your new settings (Groups > Push Configuration > Go), and then restart the agent services to generate the script (Groups > Other Actions \/ Restart > Go)
If you need to create a kill file that has a file extension, here is an example of your script:
if not exist "c:\windows\virus.sys" echo > "c:\windows\virus.sys"
If you need to create a specific folder to act as a kill file, here is an example of your script:
if not exist "c:\windows\virusfolder" md "c:\windows\virusfolder"
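
A more defensive version of the kill-file scripts above, as an added example that is not EventSentry's own script: `if exist` matches both files and folders, so this version refuses to accept a folder where a kill file is expected (or the reverse) and verifies the marker after creating it. The `KIND` and `TARGET` variable names are assumptions for this example; `%systemroot%\perfc` is the path from the script above.

```batch
@echo off
rem Added example: create a kill file or kill folder and verify its type.
rem Edit the two values below. KIND is "file" or "dir" (names are assumptions).
setlocal
set "KIND=file"
set "TARGET=%systemroot%\perfc"

if /i "%KIND%"=="file" goto :file
if /i "%KIND%"=="dir" goto :dir
echo ERROR: KIND must be file or dir, got "%KIND%"
exit /b 2

:file
rem A trailing backslash makes "if exist" match directories only.
if exist "%TARGET%\" (
    echo ERROR: "%TARGET%" exists but is a folder, expected a file
    exit /b 1
)
if not exist "%TARGET%" echo > "%TARGET%"
rem Re-check: the redirect fails without stopping the script if access is denied.
if not exist "%TARGET%" (
    echo ERROR: could not create "%TARGET%"
    exit /b 1
)
exit /b 0

:dir
if exist "%TARGET%\" exit /b 0
rem Something exists at the path but it is not a directory.
if exist "%TARGET%" (
    echo ERROR: "%TARGET%" exists but is a file, expected a folder
    exit /b 1
)
md "%TARGET%"
if not exist "%TARGET%\" (
    echo ERROR: could not create "%TARGET%"
    exit /b 1
)
exit /b 0
```

The script exits with code 0 when the marker is present with the expected type and non-zero otherwise, so whatever launches it can tell the two cases apart.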