Managing Default Honeypot Files
Anti-Ransomware uses a standard set of honeypot files, which are kept in the honeypot template directory, /iSecurity/ATP/HoneyPot-Default/. New honeypot sets, when created in other directories, are copied from there.
To manage the default set of honeypot files, select 5. Setup Honeypot Template from the Malware Honeypots screen (STRAR > 7) as shown in Starting Anti-Ransomware. The Setup Honeypot Template screen appears:
    Setup Honeypot Template

    Dir: /iSecurity/ATP/HoneyPot-Default/

    Type choices, press Enter.
      1=Work with   3=Copy   4=Remove   7=Rename

    Opt  Type   Object
         *DIR   subdir/
         *STMF  #CLIENT54.docx
         *STMF  2016.xlsx
         *STMF  2017.xlsx
         *STMF  Balance2017.xlsx
         *STMF  BalanceCaptl.xlsx
         *STMF  Business2017.xlsx
         *STMF  Business5y.xlsx
         *STMF  Bussines2y.xlsx
         *STMF  Bussines3y.xlsx
         *STMF  Bussinesy4.xlsx
         *STMF  CLIENT 1.docx
                                                  More...
    F3=Exit   F6=New   F10=Restore Default   F22=Full path
The body of the screen lists the honeypot files in the directory. For each file, after the standard Opt field, it shows the Type of the file and the file's name. To see the full name of a file whose name is truncated, place the cursor in the Opt field on that line and press the F22 (Shift+F10) key.
To copy a honeypot file from another directory, press the F6 key. The Copy to Default H-P Dir (TPHPNEW) screen appears. Enter values in the screen's fields:
From Object
The pathname of the original file.
Object is from Default H-P
*YES* if the object was originally from the honeypot template directory.
*NO* if it originated elsewhere.
New object
The name of the new file, or *SAME* if it will have the same name as the From Object.
To copy a honeypot file, enter 3 in the Opt field for that file. The Copy Honey-Pot Object (TPHPCPY) screen appears. The name of the original file appears in the Object and New object fields. Change the value in the New object field to the name of the new file.
To remove a honeypot file, enter 4 in the Opt field for that file. The Remove Link (DEL) screen appears, in which you can confirm that you want to remove the file.
To rename a honeypot file, enter 7 in the Opt field for that file. The Rename Honey-Pot Object (TPHPREN) screen appears. The original name of the file appears in the Object and New object fields. Change the value in the New object field to the new name of the file.
To perform other operations on a honeypot file, enter 1 in the Opt field for that file. The standard IBM WRKLNK screen appears.
To restore the set of honeypot files to the default, press the F10 key. The Restore Factory Setting window appears, asking you to confirm that you want to restore the original files.