Displaying Ransomware Compromised Files

To display information on files that may have been compromised, select 11. Display Ransomware Compromised from the ATP Logs & Reports screen (SRTAR > 41) as shown in Starting Anti-Ransomware The Display Ransomware Compromised (DSPRWCMP) screen appears:

​ ​  ​       ​  ​      ​  Display Ransomware Compromised (DSPRWCMP) ​                  
 ​  ​       ​  ​                                                                    
​ Type choices, press Enter.​                                                     
                                                                                
​ IFS Directory  . . . . . . . . .​  ​                                             
      ​                                                                          
​ Include by suspicious name . . .​  ​ *YES​         ​ *YES, *NO                     
​ Include by suspicious content  .​  ​ *YES​         ​ *YES, *NO                     
​ Output . . . . . . . . . . . . .​  ​ *       ​     ​ *, *OUTFILE, *STTFILE         
​                                                                                
                                                                                
                                                                 ​        Bottom​ 
​ F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display    
 F24=More keys                                                                 ​ 
                                                                                
​

The screen has the following fields:

IFS Directory

Specifies the directory within the Integrated File System (IFS) to check for compromised files.

Include by Suspicious Name

Indicates whether to include files with suspicious names. The default value is YES.

Include by Suspicious Content

Indicates whether to include files with suspicious content patterns that may indicate ransomware. The default value is YES.

Output

Defines the output results.