Enabling and disabling protection of shared folders against external encryption
By default, protection of shared folders against external encryption is enabled and working as recommended by Kaspersky experts. To configure this functionality, you can create a protection scope and configure exclusions, if necessary. By default, the application automatically identifies shared folders and monitors file activity in all folders. When an attempt to externally encrypt files in shared folders is detected, Kaspersky Endpoint Security blocks the session of the remote user for one hour (by default).
After Kaspersky Endpoint Security is installed, the protection of shared folders against external encryption will be limited until the computer is restarted.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Behavior Detection.
Use the Protect shared folders check box to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Block connection forN min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to modify files in shared folders to the list of active threats, adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Advanced Threat Protection → Behavior Detection.
Use the Protection of shared folders against external encryption toggle to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Upon detection of external encryption of shared foldersN min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Upon detection of external encryption of shared foldersN min option is selected, modified files are restored from backup copies.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to modify files in shared folders to the list of active threats, adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
In the application settings window, select Advanced Threat Protection → Behavior Detection.
Behavior Detection settings
Use the Protect shared folders check box to enable or disable detection of activity that is typical of external encryption.
Use the Protect shared folders check box to enable or disable detection of activity that is typical of external encryption.
Select the relevant action the application will take when an attempt to modify files in shared folders is detected:
Block connection forN min. If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to modify files in shared folders to the list of active threats, adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.