When malicious encryption activity is detected, the application creates and enables a rule for the operating system firewall that blocks network traffic from a compromised computer. A compromised computer is added to the list of untrusted computers. The application blocks access to shared network directories for all remote computers in the list of untrusted computers. Information about blocked computers from a protected server is sent to Kaspersky Security Center.
Firewall rules created by the Anti-Cryptor task cannot be deleted using the iptables utility, since the application restores a set of rules every minute. Use the --allow-hosts command to unblock a computer.
By default, the application removes untrusted computers from the list 30 minutes after being added to the list. Computers' access to network file resources is restored automatically after they are deleted from the list of untrusted computers. You can change the list of blocked computers and specify the period after which the blocked computers will be automatically unblocked.
Page top