Hey All, I am a newbie, trying to learn OSSEC use. My OSSEC configuration includes a server and an agent (Windows-based agent). I want to use OSSEC to detect malware on Windows systems. I am trying to understand the win_malware_rcl.txt file and made an entry in the Windows registry to see if it would be detected by OSSEC. It worked as expected and the web UI showed that malware was detected. I added another entry to see if OSSEC would report multiple malware detections. It did not. I tried to delete the entry I first made and re-entered it. This time OSSEC did not detect it as malware.
What am I missing here? Any help would be appreciated. Thank you for your time and help. Vipul.
