Yeah, I thought about something like that, Steve.
I've only tried with a PowerShell command at the minute, which may be horrendously unoptimized.
(I ran it on my machine and it took 98 seconds and consumed 30% CPU.)
Get-ChildItem c:\* -Include (Get-Content C:\Tools\test.txt) -Recurse -EA SilentlyContinue
This will search every Dir in C:\ for any extensions listed in C:\Tools\test.txt. -EA SilentlyContinue prevents any error messages from showing up, like "Access denied to C:\Windows\WinSxs\example\.."
(Test.txt contents are just extensions on new lines, e.g. *.locky *.crypto etc.)
The plan was to wrap that in a function that returns "true" if anything is found, and then have a monitor that is checking the result of that executable. Having 30% CPU usage and 98 seconds run time, however, is not fantastic!
There must be a better way. Perhaps Dir /S is less intensive.
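
An added example, not part of the original post: one way to wrap the search in a function that returns true or false and stops at the first matching file instead of collecting every result. The function name `Test-SuspectExtension` is hypothetical; it assumes PowerShell 5 or later and that the list file holds only simple `*.ext` patterns, one per line, as described above.

```powershell
function Test-SuspectExtension {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [string]$Root = 'C:\',
        [string]$PatternFile = 'C:\Tools\test.txt'   # path taken from the post
    )

    # Load "*.locky"-style lines into a case-insensitive set of ".locky" extensions.
    $extensions = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($line in Get-Content -LiteralPath $PatternFile) {
        $ext = $line.Trim().TrimStart('*')
        if ($ext) { [void]$extensions.Add($ext) }
    }

    # Walk the tree with an explicit stack so one unreadable directory
    # is skipped without aborting the rest of the scan.
    $pending = [System.Collections.Generic.Stack[string]]::new()
    $pending.Push($Root)
    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        try {
            foreach ($file in [System.IO.Directory]::EnumerateFiles($dir)) {
                # Return on the first hit: the monitor only needs true/false.
                if ($extensions.Contains([System.IO.Path]::GetExtension($file))) {
                    return $true
                }
            }
            foreach ($sub in [System.IO.Directory]::EnumerateDirectories($dir)) {
                # Do not follow junctions or symlinks, which can loop.
                $attrs = [System.IO.File]::GetAttributes($sub)
                if (($attrs -band [System.IO.FileAttributes]::ReparsePoint) -eq 0) {
                    $pending.Push($sub)
                }
            }
        } catch {
            # Access denied, path too long, directory removed mid-scan: skip it.
            continue
        }
    }
    return $false
}
```

The monitor can call `Test-SuspectExtension` and alert on `$true`; a clean machine still pays for a full walk, so pointing `-Root` at user data and share folders rather than all of `C:\` limits that cost.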