When malicious encryption activity is detected, the application creates and enables a rule for the operating system firewall that blocks network traffic from a compromised device. The compromised device is added to the list of blocked devices. The application blocks access to shared network directories for all remote devices in the list of blocked devices. Information about blocked devices from a protected server is sent to Kaspersky Security Center.
Firewall rules created by the Anti-Cryptor task cannot be deleted using the iptables utility, since the application restores the set of rules every minute. Use the --allow-hosts command to unblock a device.
By default, the application removes a blocked device from the list 30 minutes after it was added. A device's access to network file resources is restored automatically once the device is removed from the list. You can edit the list of blocked devices and specify the period after which blocked devices are automatically unblocked.