
EDR: How does Fileless_Scriptloads Impact Retention?

Environment

  • EDR Server: 7.6+

Question

How does fileless_scriptloads collection impact retention?

Answer

It depends on how frequently PowerShell is used within the organization. There may be a slight impact on retention, but we have no way to provide exact numbers.

Additional Notes

  • The fileless_scriptload event leverages the Antimalware Scan Interface (AMSI) support that is available in Windows 10 RS2+ and Windows Server 2016.
  • The fileless_scriptload event represents each occasion when the sensor detected AMSI-decoded script content that was executed by any process.
  • Only fileless script content, that is, content that was not stored in a file on the file system when it was executed, is sent to the EDR server.
  • The fileless_scriptload data is a new event type that is stored and indexed in Solr.
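The notes above describe which AMSI observations become fileless_scriptload events (only content with no backing file) and that each event is stored in Solr. The following is an added example, not Carbon Black EDR sensor or server code, that models that filtering step over a constructed set of AMSI observations and turns a sample window into a rough retention projection. The `AmsiObservation` record, its `content_path` field, the sample data and the projection formula are all assumptions made for illustration; the real sensor's event schema and Solr index overhead are not modelled.

```python
"""Model of which AMSI script-content observations become fileless_scriptload
events, with a rough projection of the storage they add over a retention window.

Added example; not Carbon Black EDR code. All records below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AmsiObservation:
    """One piece of script content handed to AMSI by a script host (assumed shape)."""
    pid: int
    process: str
    content: str                  # script text as decoded by AMSI
    content_path: Optional[str]   # backing file on disk, or None if executed from memory


# Constructed sample: a one-hour window on a single endpoint.
SAMPLE_WINDOW_SECONDS = 3600
SAMPLE_OBSERVATIONS: List[AmsiObservation] = [
    AmsiObservation(1001, "powershell.exe",
                    "Get-ChildItem C:\\logs | Measure-Object", None),
    AmsiObservation(1001, "powershell.exe",
                    "# nightly backup\nCopy-Item C:\\data D:\\backup -Recurse",
                    "C:\\scripts\\backup.ps1"),
    AmsiObservation(1002, "pwsh.exe",
                    "Get-Service | Where-Object Status -eq 'Running'", None),
    AmsiObservation(1003, "powershell_ise.exe",
                    "Write-Host 'hello'", "C:\\Users\\alice\\test.ps1"),
]


def is_fileless(obs: AmsiObservation) -> bool:
    """Content counts as fileless when no file on disk backed it at execution time."""
    return obs.content_path is None


def to_fileless_scriptload_events(observations: List[AmsiObservation]) -> List[AmsiObservation]:
    """Keep only the observations the sensor would forward as fileless_scriptload events."""
    return [o for o in observations if is_fileless(o)]


def volume_by_process(events: List[AmsiObservation]) -> Dict[str, Dict[str, int]]:
    """Count events and script bytes per process image, to see who drives the volume."""
    summary: Dict[str, Dict[str, int]] = {}
    for ev in events:
        entry = summary.setdefault(ev.process, {"events": 0, "bytes": 0})
        entry["events"] += 1
        entry["bytes"] += len(ev.content.encode("utf-8"))
    return summary


def project_retention_bytes(events: List[AmsiObservation],
                            window_seconds: int,
                            retention_days: int) -> float:
    """Extrapolate script-content bytes seen in a sample window to a retention period.

    Assumed formula: bytes_in_window * (86400 / window_seconds) * retention_days.
    Ignores per-event metadata and Solr index overhead, so treat it as a lower bound.
    """
    total = sum(len(ev.content.encode("utf-8")) for ev in events)
    return total * 86400 * retention_days / window_seconds


if __name__ == "__main__":
    events = to_fileless_scriptload_events(SAMPLE_OBSERVATIONS)
    print(f"{len(events)} of {len(SAMPLE_OBSERVATIONS)} observations are fileless")
    for proc, stats in volume_by_process(events).items():
        print(f"  {proc}: {stats['events']} events, {stats['bytes']} bytes")
    print("30-day projection (bytes of script content):",
          project_retention_bytes(events, SAMPLE_WINDOW_SECONDS, 30))
```

Because the projection scales with the rate of in-memory script execution, the per-process breakdown is the useful output: it shows which script hosts on a sampled endpoint actually generate fileless content, which is what decides the retention impact for a given organization.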

Article Information
Creation Date: 12-10-2021