The Anti-Cryptor task allows you to protect your files in the local directories with network access by SMB/NFS protocols from remote malicious encrypting.
While the Anti-Cryptor task is running, Kaspersky Endpoint Security scans remote computers' calls to access files located in the shared network directories of the protected device. If the application considers a remote computer's actions on network file resources to be malicious encrypting, then this computer is added to a list of untrusted hosts and loses access to the shared network directories. By default, Kaspersky Endpoint Security blocks untrusted hosts' access to network file resources for 30 minutes. Kaspersky Endpoint Security does not consider activity to be malicious encryption if the encryption activity is detected in directories excluded from the protection scope of the Anti-Cryptor task.
To use the task, a license that includes the corresponding function is required.
For the Anti-Cryptor task to perform correctly, at least one of the services (Samba or NFS) must be installed in the operating system. The NFS service requires the rpcbind package to be installed.
The Anti-Cryptor task runs correctly with SMB1, SMB2, SMB3, NFS3, TCP/UDP, and IP/IPv6 protocols. Working with NFS2 and NFS4 protocols is not supported. It is recommended to configure your server settings so that the NFS2 and NFS4 protocols cannot be used to mount resources.
The Anti-Cryptor task does not block access to network file resources until the host's activity is identified as malicious. So at least one file will be encrypted before the application detects a malicious activity.