Anti-Cryptor

Starting with Kaspersky Endpoint Security 12.12 for Windows, the protection of shared folders from external encryption that used to be part of the Behavior Detection component is a separate component, Anti-Cryptor.

The component monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.

The Anti-Cryptor component analyzes activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action.

For the Anti-Cryptor component to work, you must enable the Behavior Detection component.

If Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it takes the following actions:

• Blocks access to file modification for the session that initiated the malicious activity (the file will be read-only).
• Creates backup copies of files that are being modified.
• Adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
• Also, if the Remediation Engine component is enabled, the modified files are restored from backup copies.

In this section Enabling and disabling protection of shared folders against external encryption Configuring the blocking period of an untrusted computer Editing the protection scope Adding trusted computers for external data encryption Exporting and importing a list of exclusions from protection of shared folders against external encryption

Page top