Anti-Cryptor

for Windows

The component monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.

Protection of shared folders against external encryption provides for analysis of activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action.

If Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it takes the following actions:

• Blocks access to file modification for the session that initiated the malicious activity.
• Creates backup copies of files that are being modified.
• Adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
• Also, if the Remediation Engine component is enabled, the modified files are restored from backup copies.

  Anti-Cryptor settings for Pro View

  Parameter	OS	Description
  Action upon detection of external encryption of shared folders	Windows	Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to modify files in shared folders to the list of active threats, adds an entry to the report. Block connection for (min) N min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files.

Page top