What does "Audit the Directory" Mean?

In the remediation details section of an incident report, you may see "audit the directory X".

Often malware will create its own directories. Since the Huntress Agent only enumerates auto-starting applications, we need to make sure that the file is removed. We mention "auditing" these folder locations because other artifacts may be present (a password dump file for example). Something "suspicious" would be anything that is not there by default and is not "business-related". In most cases, the directory only contains a single malicious file and if that directory doesn't contain anything "user/business" related, it's safe to assume the malware created that directory.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Need help? Click here to Contact Us Click here to Contact Us