| Description | This article describes a simple test to confirm FortiEDR's ability to defend against ransomware encryption. |
| Scope | FortiEDR. |
| Solution |
The following PowerShell script simulates an encryption attack on a specified folder and its content: Encrypt-Delete-Test
It is highly advisable to run this in a lab environment:
Once enabled, the collector will detect the file rename attempt and block it:
The following security event will be generated:
|
