Today I had the problem that one of my servers running this script ran out of memory. While diagnosing this problem I noticed that some PowerShell commands were eating a lot of memory.
Further diagnostics led to the Get-EventLog command that was used by the deny script.
I then went to Google and optimized the command to run in a fraction of a second. Here is what my deny script now uses to get the event log:
#Define a new timespan for the Get-Date cmdlet
$ts = New-TimeSpan -Minutes 5
#Create a date-time object for later use
$EventDate = (Get-Date) - $ts
#Look in the event log for the custom event generated by the file screen audit (last 5 minutes, at most 10 events) and store the matching events in a variable.
$RansomwareEvents = Get-WinEvent -FilterHashtable @{LogName = "Application"; ID = "8215"; StartTime = $EventDate} -MaxEvents 10
This way only the necessary parts of the eventlog are loaded and the script executes much faster.
I tried this on a Windows Server 2012.
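A wrapper around the query in the post above that also handles the case where no event matches, as an added example that is not part of the original post or the deny script. The function name `Get-RecentScreenEvent` and its parameter names are hypothetical; the log name, event ID and 5-minute window are the values from the post.

```powershell
# Added example, not code from the deny script.
# Get-RecentScreenEvent and its parameters are hypothetical names.
function Get-RecentScreenEvent {
    [CmdletBinding()]
    param(
        [string]$LogName   = 'Application',  # log used in the post
        [int]   $EventId   = 8215,           # event ID used in the post
        [int]   $Minutes   = 5,              # look-back window used in the post
        [int]   $MaxEvents = 10
    )

    $filter = @{
        LogName   = $LogName
        Id        = $EventId
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }

    try {
        # FilterHashtable is turned into an event log query, so only
        # matching records are handed back to PowerShell.
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports "no matching events" as an error. Treat that
        # one case as an empty result and rethrow everything else
        # (missing log, access denied, ...).
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # Keep only the fields a follow-up step needs.
    $events | Select-Object TimeCreated, Id, ProviderName, MachineName, Message
}

# Usage: @() makes sure .Count works for zero or one result.
$hits = @(Get-RecentScreenEvent)
"Found $($hits.Count) matching event(s) in the last 5 minutes"
```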