This is an automated archive.
The original was posted on /r/sysadmin by /u/Neoito on 2023-09-27 11:03:12+00:00.
Hi all
So we’re being asked to look in to ways of detecting passwords being stored in plain text files after some Very Clever Person accidentally showed a client that they’re doing just this while screen-sharing. We do have a robust password vault in place but obviously that’s reliant on people using it…
I’m already using custom detection in Defender for Endpoint but that only covers part of our estate, the rest is using WithSecure for AV and Endpoint Detection and Response and I can’t seem to find a way to scan for such files with this.
Any suggestions on how this can be done using WithSecure or other solutions would be greatly appreciated! My Googling just seems to lead me to password vaults or Windows Credential Manager…