Agents Administration - Tests

Default Parameters for ScrtySuspPrcsChcksTest

The ScrtySuspPrcsChcksTest test monitors all running processes, isolates those that match the process patterns configured as suspicious, and reports the number of suspicious processes. Any unusual increase in the number of suspicious processes clearly indicates malicious activity. Therefore, by using this test, administrators are promptly alerted to any sudden increase in the number of suspicious processes. This helps proactively detect and resolve suspicious activity before it becomes a potential security risk. The detailed diagnosis offered by this test helps administrators find further details of each such process: the process name, the time it was identified, and the process ID.

This page depicts the default parameters that need to be configured for the ScrtySuspPrcsChcksTest.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • The process patterns that need to be considered as suspicious processes for monitoring will have to be provided in a comma-separated list in the SUSPICIOUS PROCESS PATTERNS text box. The pattern configuration should be in the following format: *ssvc*, *abc*, *contains*.

  • The DD FREQUENCY parameter refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against the DD FREQUENCY parameter.

  • Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.
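The following is an added example, not eG Enterprise code, showing how a checker of this kind can consume the SUSPICIOUS PROCESS PATTERNS value (comma-separated glob patterns such as *ssvc*, *abc*), count the matching processes in a snapshot, and build the three detailed-diagnosis fields the page lists. The process snapshot is constructed for the example, and case-insensitive matching is an assumption of the example rather than a documented property of the eG test.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Proc:
    """One running process from a snapshot (constructed for this example)."""
    pid: int
    name: str


def parse_patterns(config: str) -> List[str]:
    """Split the SUSPICIOUS PROCESS PATTERNS value ("*ssvc*, *abc*, *contains*")
    into individual glob patterns, dropping blanks and surrounding whitespace."""
    return [p.strip() for p in config.split(",") if p.strip()]


def is_suspicious(name: str, patterns: List[str]) -> bool:
    """True if the process name matches any configured glob pattern.
    Case-insensitive matching is an assumption of this example."""
    lowered = name.lower()
    return any(fnmatchcase(lowered, p.lower()) for p in patterns)


def check_suspicious(procs: List[Proc], patterns: List[str],
                     identified_time: str) -> Tuple[int, List[Dict[str, object]]]:
    """Return (suspicious-process count, detailed-diagnosis rows).
    Each row carries the fields the page says the detailed diagnosis reports:
    process name, identified time and process ID."""
    rows = [{"process_name": p.name, "identified_time": identified_time, "pid": p.pid}
            for p in procs if is_suspicious(p.name, patterns)]
    return len(rows), rows


def increase_since(previous_count: int, current_count: int) -> int:
    """Growth in the suspicious-process count between two test runs (0 if it fell)."""
    return max(0, current_count - previous_count)


# Constructed sample snapshot: names and PIDs are invented for the example.
SAMPLE_PROCS = [
    Proc(412, "svchost.exe"),
    Proc(1337, "ssvc.exe"),
    Proc(2048, "MyAbcDaemon.exe"),
    Proc(77, "explorer.exe"),
]

if __name__ == "__main__":
    pats = parse_patterns("*ssvc*, *abc*, *contains*")
    count, rows = check_suspicious(SAMPLE_PROCS, pats, "2024-01-01 10:00:00")
    print(count, rows)
```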

When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.