Event ID 28

Sysmon detects and blocks file shredding

Source:

Microsoft-Windows-Sysmon

File Block Shredding:
    RuleName: %1!s!
    UtcTime: %2!s!
    ProcessGuid: %3!s!
    ProcessId: %4!s!
    User: %5!s!
    Image: %6!s!
    TargetFilename: %7!s!
    Hashes: %8!s!
    IsExecutable: %9!s!

This event is generated when Sysmon detects and blocks file shredding from tools such as SDelete.

LEFT/RIGHT arrow keys for navigation

Back to List