Enabling and disabling protection of shared folders against external encryption
By default, protection of shared folders against external encryption is enabled and working as recommended by Kaspersky experts. To configure this functionality, you can create a protection scope and configure exclusions, if necessary. By default, the application automatically identifies shared folders and monitors file activity in all folders. When an attempt to externally encrypt files in shared folders is detected, Kaspersky Endpoint Security blocks the session of the remote user for one hour (by default).
After Kaspersky Endpoint Security is installed, the protection of shared folders against external encryption will be limited until the computer is restarted.
In the Kaspersky Security Center Administration Console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Anti-Cryptor.
Use the Anti-Cryptor check box to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Block connection for N min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to the list of active threats, adds an entry to the local application interface reports, and sends information about the detected malicious activity to Kaspersky Security Center.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Host Threat Protection → Behavior Analysis → Anti-Cryptor.
Use the Anti-Cryptor ENABLED toggle to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Block connection for (min) N min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to the list of active threats, adds an entry to the local application interface reports, and sends information about the detected malicious activity to Kaspersky Security Center.
In the application settings window, select Advanced Threat Protection → Anti-Cryptor.
Use the Protection of shared folders against external encryption check box to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Block connection for (min) N min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to the list of active threats, adds an entry to the local application interface reports, and sends information about the detected malicious activity to Kaspersky Security Center.