Can I monitor a user's clipboard and detect / erase malicious content from the clipboard?

Yes, the tray utility EventSentray can be configured to monitor all text that is copied to a user's clipboard. This can prevent certain attacks that can trick a user into copying malicious code and executing it on their system.

If EventSentray detects text in the clipboard that matches your settings, it can perform any one of the following actions (or a combination):

• Clear the clipboard
• Display a warning message to the end user
• Log event 2000/2001 to the Application event log

To activate this feature follow these steps in your EventSentry Management Console:

• Create a new System Health package or select an existing system health package that is already assigned to your end points (the clipboard would most commonly be used on machines that users actively work on such as workstations, laptops, etc.)
• Add the "Tray Application" object to the System Health package
• If not already present, set the text pattern under Detect Suspicious Clipboard Content to the value below. This includes some common text strings that might be considered dangerous. You can edit the text below to add additional entries or remove those that you don't want to monitor for, but be sure to separate each with a semicolon:

*powershell*;*mshta.exe*;*certutil*;*bitsadmin*;*wmic*;*regsvr32*;*msiexec*;*WScript.Shell*;*ActiveXObject*;*rundll32*;*explorer*http*

• Finally, select one or more of the actions under "When Found" and save/deploy the configuration. Now EventSentray will monitor the clipboard for text that matches the strings you set.