Can I use EventSentry to deploy a kill file or vaccine for stopping ransomware/viruses such as Petya/NotPetya?

Yes, this is only takes a few minutes to configure.

1. Use the EventSentry console toolbar and click Tools > Embedded Scripts


2. Make a new script and give it a name that ends with .bat, such as blockpetya.bat


3. Select the new script and create its contents on the right. Paste this line: if not exist "%systemroot%\perfc." echo > %systemroot%\perfc


4. Click OK to close the Embedded Scripts menu, and click Home > Save in the toolbar


5. Make a new System Health package and right-click it, choose Add > Application Scheduler


6. Select Application Scheduler and then click the + button in its settings on the right


7. Choose a schedule for how often you'd like to ensure the kill file exists (e.g. every 24 hours), and then choose the name of your Embedded Script in the filename drop-down, and choose Local for the isolation mode drop-down at the bottom, and click OK


8. Right-click your new System Health package again and either choose Global to run it on all of your agents, or choose Assign Package and select the groups/machines you'd like to run it on


9. Click Home > Save in the toolbar, and then push your new settings (Groups > Push Configuration > Go) and then restart the agent services to generate the script (Groups > Other Actions \/ Restart > Go)



If you need to create a kill file that has a file extension, here is an example of your script:
if not exist "c:\windows\virus.sys" echo > ";c:\windows\virus.sys"

If you need to create a specific folder to act as a kill file, here is an example of your script:
if not exist "c:\windows\virusfolder" md "c:\windows\virusfolder"