Yes, this only takes a few minutes to configure.
- Use the EventSentry console toolbar and click Tools > Embedded Scripts
- Make a new script and give it a name that ends with .bat, such as blockbadrabbit.bat
- Select the new script and create its contents on the right. Paste these lines:
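rem Create the two kill files if they are not already present
if not exist "%systemroot%\infpub.dat" echo > "%systemroot%\infpub.dat"
if not exist "%systemroot%\cscc.dat" echo > "%systemroot%\cscc.dat"
rem Remove inherited permissions from both files
icacls "%systemroot%\infpub.dat" /inheritance:r
icacls "%systemroot%\cscc.dat" /inheritance:r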
- Click OK to close the Embedded Scripts menu, and click Home > Save in the toolbar
- Make a new System Health package and right-click it, choose Add > Application Scheduler
- Select Application Scheduler and then click the + button in its settings on the right
- Choose a schedule for how often you'd like to ensure the kill file exists (e.g. every 24 hours), choose the name of your Embedded Script in the filename drop-down, choose Local in the isolation mode drop-down at the bottom, and click OK
- Right-click your new System Health package again and either choose Global to run it on all of your agents, or choose Assign Package and select the groups/machines you'd like to run it on
- Click Home > Save in the toolbar, push your new settings (Groups > Push Configuration > Go), and then restart the agent services to generate the script (Groups > Other Actions \/ Restart > Go)
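
To confirm the scheduled script did its job on a given host, the check below can be run from an elevated PowerShell prompt. It is an added example, not part of the original answer or of EventSentry; the function name Test-KillFile and the status labels are made up for illustration, and it assumes the expected end state is inheritance disabled with no remaining access entries, which is what icacls /inheritance:r leaves on a newly created file.

```powershell
# Added example: audits the two kill files created by the embedded script above.
# Test-KillFile and its status labels are hypothetical names used for illustration.
function Test-KillFile {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path                = $Path
        Exists              = $false
        InheritanceDisabled = $null
        ExplicitAceCount    = $null
        Status              = 'MISSING'
    }

    # The file must exist as a regular file, not a directory.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]$result
    }
    $result.Exists = $true

    # Reading the ACL can fail if the caller is neither owner nor administrator.
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        $result.Status = 'ACL_UNREADABLE'
        return [pscustomobject]$result
    }

    # /inheritance:r sets the "protected" flag and drops inherited entries.
    $result.InheritanceDisabled = $acl.AreAccessRulesProtected
    $result.ExplicitAceCount    = @($acl.Access).Count

    $result.Status = if (-not $acl.AreAccessRulesProtected) {
        'INHERITANCE_STILL_ON'      # icacls step did not run or was reverted
    } elseif ($result.ExplicitAceCount -gt 0) {
        'EXPLICIT_ACES_REMAIN'      # file pre-existed with its own permissions
    } else {
        'OK'
    }
    return [pscustomobject]$result
}

$files  = 'infpub.dat', 'cscc.dat' | ForEach-Object { Join-Path $env:SystemRoot $_ }
$report = $files | ForEach-Object { Test-KillFile -Path $_ }
$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduler or monitoring job flag a failed host.
if ($report | Where-Object Status -ne 'OK') { exit 1 }
```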