I have a rule set up to stop the Server service (Lanmanserver). When stopping a service manually via Monitor > Respond > Stop Service, it works every time. When the rule is triggered, I receive the e-mail action, but the stop service action doesn't activate. Once the rule is triggered, trying to stop the service manually no longer works, and it won't work until I reboot the server. However, I can stop other services. I see nothing in the Windows event logs or the log for the agent on that system. My ultimate goal is to prevent CryptoWall from spreading through my file server if the files it creates are detected.
Does anyone have any ideas? Thanks!
I recommend starting a case with support for this issue; they should be able to assist.