Work with Canary Files (AVWRKCNY)

The Work with Canary Files (AVWRKCNY) command lets users maintain canary files. The command's screen includes functions to add, change, display, and remove canary files.

By placing a canary file among real files, Powertech Antivirus for IBM i can detect additional signs of ransomware activity. Whenever a process writes to a canary file, the activity is immediately considered suspicious, because no legitimate application or user would access these files. A predetermined response is then taken, such as blocking access to files. A user who tries to tamper with a canary file, for example by updating its contents or by renaming or deleting it, will be blocked.

Canary files can be added to directories that have been overridden to be excluded from analysis, which gives those directories some protection. We recommend that you add canary files to the root directory of vulnerable shares and to critical directories.
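
The detection idea described above, shown as an added example in portable Python (not Powertech Antivirus code, and not how the product intercepts access on IBM i): it plants decoy files, records a baseline for each, and classifies every canary as intact, modified, renamed or deleted. The file name `000_budget.xlsx`, the directory names and the function names are assumptions made for the example, and it checks after the fact rather than blocking in real time.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    path: str    # where the canary was planted
    inode: int   # survives a rename within the same filesystem
    sha256: str  # digest of the decoy contents

def _digest(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_canary(directory: str, name: str = "000_budget.xlsx") -> Baseline:
    """Create a decoy file and record what an untouched canary looks like."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(os.urandom(256))  # constructed decoy content
    return Baseline(path, os.stat(path).st_ino, _digest(path))

def check_canary(b: Baseline) -> str:
    """Classify the canary as intact, modified, renamed or deleted."""
    if os.path.exists(b.path) and os.stat(b.path).st_ino == b.inode:
        return "intact" if _digest(b.path) == b.sha256 else "modified"
    # Original name is gone or replaced: look for the same inode in the directory.
    with os.scandir(os.path.dirname(b.path)) as entries:
        if any(e.inode() == b.inode for e in entries):
            return "renamed"
    return "deleted"

def demo() -> dict:
    """Tamper with three of four canaries in a scratch tree and classify each."""
    with tempfile.TemporaryDirectory() as root:
        names = ("share", "payroll", "archive", "home")  # hypothetical directories
        base = {n: plant_canary(os.path.join(root, n)) for n in names}
        with open(base["share"].path, "ab") as fh:  # contents updated
            fh.write(b"ENCRYPTED")
        os.rename(base["payroll"].path, base["payroll"].path + ".locked")  # renamed
        os.remove(base["archive"].path)  # deleted
        return {n: check_canary(b) for n, b in base.items()}

if __name__ == "__main__":
    print(demo())
```

Any result other than "intact" corresponds to one of the tampering actions named above (update, rename, delete) and is the point at which a response such as blocking would be triggered.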

NOTE: For an overview of Anti-Ransomware and configuration instructions, see Anti-Ransomware.

How to Get There

Call command AVWRKCNY. Or, choose option 10 on the Powertech Antivirus Anti-Ransomware Menu.

Options

2 (Change): Opens the Configure Canary Files (AVCFGCNY) screen, where you can add, change, and remove user overrides.

4 (Remove): Deletes the directory from the list of excluded directories.

5 (Display): Displays directory settings.

Function Keys

F3 (Exit Program): Dismisses the screen and returns to the previous screen.

F5 (Refresh Screen): Refreshes the screen with current data.

F6 (Add): Opens the Configure Canary Files (AVCFGCNY) screen, where you can add, change, and remove canary files.

F12 (Cancel): Cancels this display and returns to the previous menu or display.