Configuring Anti-Cryptor in the command line

In the command line, you can manage Anti-Cryptor using the Anti-Cryptor task (Anti_Cryptor).

By default, the Anti-Cryptor task does not run. You can start and stop this task manually.

You can configure Anti-Cryptor settings by editing the settings of the Anti-Cryptor predefined task.

Anti-Cryptor task settings

Setting

Description

Values

ActionOnDetect

Enables untrusted hosts blocking.

Block (default value) – enable untrusted hosts blocking.

Notify: disable untrusted hosts blocking.

BlockTime

The time in minutes for which an untrusted device is blocked.

If a compromised host is blocked, and you change a value for the BlockTime setting, the blocking time for this host will not change. The blocking time is not a dynamic value, and is calculated at the moment of blocking.

Integer from 1 to 4294967295.

Default value: 30.

UseExcludeMasks

Enables protection scope exclusions for objects specified by the ExcludeMasks.item_# setting.

This setting only applies if a value is specified for the ExcludeMasks.item_# setting.

Yes — Exclude objects specified by the ExcludeMasks.item_# setting from the protection scope.

No (default value) — Do not exclude objects specified by the ExcludeMasks.item_# setting from the protection scope.

ExcludeMasks.item_#

Excludes objects from the protection scope by names or masks. You can use this setting to exclude an individual file from the specified protection scope by name or exclude multiple files at the same time using masks in the shell format.

Before specifying a value for this setting, make sure that the UseExcludeMasks setting is enabled.

If you want to specify several masks, specify each mask on a new line with a new index.

The default value is not defined.

The [ScanScope.item_#] section contains the scopes protected by the application. For the Anti-Cryptor task, you need to specify at least one protection scope; you can only specify shared directories.

You can specify several [ScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of protection scope; contains additional information about the protection scope.

Default value: All shared directories.

UseScanArea

Enables protection of the specified scope. To run the task, enable protection of at least one scope.

Yes (default value) — Protect the specified scope.

No — Do not protect the specified scope.

AreaMask.item_#

Protection scope limitation. In the protection scope, the application protects only the objects that are specified using the masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (protect all objects)

Path

Path to the directory with the objects to be protected.

<path to local directory> – Protect a local directory accessible via SMB/NFS. You can use masks to specify the path.

AllShared (default value) — Protect all resources accessible via SMB/NFS.

Shared:SMB — Protect resources accessible via SMB.

Shared:NFS — Protect resources accessible via NFS.

The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section are not scanned. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can specify several [ExcludedFromScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the protection exclusion scope, which contains additional information about the exclusion scope.

Default value: All objects.

UseScanArea

Excludes the specified scope from protection.

Yes (default value) — Exclude the specified scope from protection.

No — Do not exclude the specified scope from protection.

AreaMask.item_#

Limitation of the protection exclusion scope. In the exclusion scope, the application excludes only the objects that are specified using masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (exclude all objects).

Path

Path to the directory with objects excluded from protection.

<path to local directory> — Exclude objects in the specified directory from protection. You can use masks to specify the path.

Mounted:NFS– Exclude the remote directories mounted on a client device using the NFS protocol from protection.

Mounted:SMB– Exclude the remote directories mounted on a client device using the Samba protocol from protection.

AllRemoteMounted– Exclude all remote directories mounted on a client device using the Samba and NFS protocols from protection.

Page top