Inexpensive Security

Hello my good people,

This post came about because I read a thread by Taylor "@SwiftOnSecurity" on Twitter. (Follow her if you can, she has amazing ideas about information security and corn.) This is her original idea, I just built a script to implement it in my own way.

Anyway, the principle is that you should not assume that your AV/EDR is always working as expected in your environment. Thus, it's a good practice to build a health check of your solution that is independent of the AV/EDR engine itself. There are many ways to do this (e.g. Group Policy), but I chose something that I am more comfortable with: PowerShell scripts.

This script is to be deployed as a scheduled task that runs and checks whether any services of the AV engine have been stopped. The script starts the services related to the program and sends an email to a monitored mailbox with the information of the computer and the logged-in user. This may not be necess...
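One way to write the health check described above, as an added example and not the author's own script. The service names, SMTP relay and mailbox addresses are placeholders (assumptions) to be replaced with the values for your AV/EDR product and mail environment.

```powershell
# Added example: AV/EDR service health check that does not depend on the agent itself.
# Intended to run as a scheduled task. All names below are placeholders (assumptions).
$ServiceNames = @('ExampleAvService', 'ExampleEdrAgent')   # hypothetical service names
$SmtpServer   = 'smtp.example.com'                          # hypothetical SMTP relay
$MailTo       = 'av-health@example.com'                     # monitored mailbox (placeholder)
$MailFrom     = "$env:COMPUTERNAME@example.com"             # placeholder sender address

$findings = foreach ($name in $ServiceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A missing service is itself a finding: the agent may have been removed.
        [pscustomobject]@{ Service = $name; Found = 'NotInstalled'; After = 'NotInstalled' }
        continue
    }
    if ($svc.Status -ne 'Running') {
        $before = $svc.Status
        try {
            Start-Service -Name $name -ErrorAction Stop
            $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
        } catch {
            # Start can fail (service disabled, access denied, timeout); still report it.
        }
        $svc.Refresh()
        [pscustomobject]@{ Service = $name; Found = "$before"; After = "$($svc.Status)" }
    }
}

if ($findings) {
    # Interactive console user; empty when nobody is logged on.
    $user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    $body = @"
Computer : $env:COMPUTERNAME
User     : $user
Time     : $(Get-Date -Format o)

$($findings | Format-Table -AutoSize | Out-String)
"@
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "AV/EDR service not running on $env:COMPUTERNAME" -Body $body
}
```

The mail reports both the state each service was found in and its state after the restart attempt, so a service that refuses to start is distinguishable from one that recovered.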
Showing posts from November, 2021