Is there any way to automate a task on detection of specific malware?
We're having a lot of problems with Crowti encrypting network shares, and restoring the backups has become a huge time sync. Crowti is being detected pretty early (often before it's been executed), but it's a race against the clock to get to the client pc before things start getting encrypted.
What I'd like to do is have SCCM immediately perform some task (that would disable the client's access to shares, disable the network adapter, or something) as soon as Crowti or even any ransom-ware is detected. Does SCCM allow something like this to be setup, or is there some other route I could take?
Thanks!