Anti-Cryptor task settings

The table describes all available values and the default values of all the settings that you can specify for the Anti-Cryptor task.

Setting	Description	Values

`UseHostBlocker`	Enables blocking of untrusted computers. If blocking of untrusted computers is disabled, the application still scans remote computers actions on network file resources for malicious encryption, when the Anti-Cryptor task is running. If malicious activity is detected, the `EncryptionDetected` event is created, but the attacking computer is not blocked.	`Yes` (default value) — Enable blocking of untrusted computers. `No` — Disable blocking of untrusted computers.
`BlockTime`	The time an untrusted computer is blocked (in minutes). If a compromised computer is blocked, and you change the value of the `BlockTime` setting, the blocking time for this computer will not change. The blocking time is not a dynamic value, and is calculated at the moment of blocking.	Integer from `1` to `4294967295`. The default value is `30`.
`UseExcludeMasks`	Enables exclusion of the objects specified by the `ExcludeMasks` setting from the protection scope. This setting only applies if the `ExcludeMasks` setting is specified.	`Yes` — Exclude objects specified by the `ExcludeMasks` setting from the protection scope `No` (default value) — Do not exclude objects specified by the `ExcludeMasks` setting from the protection scope.
`ExcludeMasks`	Excludes objects from the protection scope by names or masks. You can use this setting to exclude an individual file from the specified protection scope by name or exclude several files at once using masks in the shell format. Before specifying a value for this setting, make sure that the `UseExcludeMasks` setting is enabled. If you want to specify several masks, specify each mask on a new line with a new index (`ExcludeMasks.item_0000, ExcludeMasks.item_0001`).	The default value is not defined.
The [ScanScope.item_#] section contains the scopes protected by the application. For the Anti-Cryptor task, you need to specify at least one protection scope; you can only specify shared directories. You can define several [ScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. The [ScanScope.item_#] section contains the following settings:
`AreaDesc`	Description of protection scope; contains additional information about the protection scope.	Default value: `All shared directories`.
`UseScanArea`	Enables protection of the specified scope. To run the task, enable protection of at least one scope.	`Yes` (default value) — Protect the specified scope. `No` — Do not protect the specified scope.
`AreaMask`	Protection scope limitation. Within the protection scope, the application protects only the files that are specified using the masks in the shell format. You can specify several `AreaMask.item_#` items in any order. The application will process the scopes by index in ascending order.	Default value: `*` (protect all objects)
`Path`	Path to the directory with the objects to be protected.	`<path to local directory>` – Protect a local directory accessible via SMB/NFS. You can use masks to specify the path. You can use the `` (asterisk) character to create a directory name mask. A single `` replaces any number of any characters in the path except for the delimiter (`/`) and can be combined with regular characters. Two consecutive `` characters replace any number of path elements, and must be separated from other characters by a delimiter (`/`). For example, the `/dir/example/123/subdir` directory matches the following masks: `//subdir` (the `` characters match `/dir/example/123`) and `/dir/ex//dir` (the `ex` characters match `example`, the next `` character matches `123`, and the `dir` characters matches `subdir`), but it does not match the following masks: `/dir//example/123/subdir` (the path does not contain an element between `dir` and `example`) and `/dir/ex/dir` (after `ex` matches `example`, the path contains `123`, that does not match `dir`). To exclude the mount point `/dir`, you need to specifically write `/dir` (no asterisk), since `/dir/` excludes all mount points at the level below `/dir` but not `/dir` itself. And `/dir/**` excludes all mount points at all levels below `/dir` but not `/dir` itself. `AllShared` (default value) — Protect all resources accessible via SMB/NFS. `Shared:SMB <path>` — Protect resources accessible via SMB. `Shared:NFS <path>` — Protect resources accessible via NFS.
The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section are not scanned. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can define several [ExcludedFromScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. The [ExcludedFromScanScope.item_#] section contains the following settings:
`AreaDesc`	Description of the protection exclusion scope, which contains additional information about the exclusion scope.	Default value: `All objects`.
`UseScanArea`	Excludes the specified scope from protection.	`Yes` (default value) — Exclude the specified scope from protection. `No` — Do not exclude the specified scope from protection.
`AreaMask`	Limitation of the protection exclusion scope. In the exclusion scope, the application excludes only the objects that are specified using masks in the shell format. You can specify several `AreaMask.item_#` items in any order. The application will process the scopes by index in ascending order.	Default value: `*` (exclude all objects).
`Path`	Path to the directory with objects excluded from protection.	`<path to local directory>` — Exclude objects in the specified directory from protection. You can use masks to specify the path. You can use the `` (asterisk) character to create a directory name mask. A single `` replaces any number of any characters in the path except for the delimiter (`/`) and can be combined with regular characters. Two consecutive `` characters replace any number of path elements, and must be separated from other characters by a delimiter (`/`). For example, the `/dir/example/123/subdir` directory matches the following masks: `//subdir` (the `` characters match `/dir/example/123`) and `/dir/ex//dir` (the `ex` characters match `example`, the next `` character matches `123`, and the `dir` characters matches `subdir`), but it does not match the following masks: `/dir//example/123/subdir` (the path does not contain an element between `dir` and `example`) and `/dir/ex/dir` (after `ex` matches `example`, the path contains `123`, that does not match `dir`). To exclude the mount point `/dir`, you need to specifically write `/dir` (no asterisk), since `/dir/` excludes all mount points at the level below `/dir` but not `/dir` itself. And `/dir/**` excludes all mount points at all levels below `/dir` but not `/dir` itself. `Mounted:NFS` – Exclude the remote directories mounted on a computer using the NFS protocol from protection. `Mounted:SMB` – Exclude the remote directories mounted on a computer using the Samba protocol from protection. `AllRemoteMounted` – Exclude all remote directories mounted on the computer using the Samba and NFS protocols from protection.

Page top