Published Apr 12, 2023
Version 1.0
Alex_Mihaiuc
Microsoft
MicrosoftBlog Post
1 Comment
I wonder if there are any plans on Sysmon to have a builtin quota for ArchiveDirectory. Currently the option is either not use it via the FileDeleteDetected event or create a WMI subscription triggering a delete command.
https://gist.github.com/zbalkan/17fbe38864a900a2f1eeac2088c5d49e
