So I'm confused. Looking at this page:
https://www.binarydefense.com/petya-ransomware-without-fluff/
Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if
this file exists, the malware stops (yes, I know that there will be a
variant Real Soon Now that avoids this).
So I made this change:
Computer\Preferences\Windows Settings\Files
And followed the web page ("update", copy windowsupdate.log to
c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I
keep around for this purpose.
Doing Group Policy Modeling Wizard, I see this being applied as a setting
to my test VM. Yet when I go an look in c:\windows, I don't see the
file.Nor do I see that setting in "gpresult /r /v".
What have I done wrong?
