Anti-Cryptor settings

The table describes all available values and the default values of all the settings that you can specify for the Anti-Cryptor task.

Setting	Description	Values

`UseHostBlocker`	Enables or disables blocking of untrusted computers. If blocking of untrusted computers is disabled, the application still scans remote computers actions on network file resources for malicious encryption, when the Anti-Cryptor task is running. If malicious activity is detected, the `EncryptionDetected` event is created, but the attacking computer is not blocked.	`Yes` (default value) — Enable blocking of untrusted computers. `No` — Disable blocking of untrusted computers.
`BlockTime`	Specifies the amount of time an untrusted computer is blocked (in minutes). If a compromised computer is blocked, and you change the value of the `BlockTime` setting, the blocking time for this computer will not change. The blocking time is not a dynamic value, and is calculated at the moment of blocking.	Integer from `1` to `4294967295`. The default value is `30`.
`UseExcludeMasks`	Enables or disables exclusion of objects specified by the `ExcludeMasks` setting from the scan scope. This setting only applies if the `ExcludeMasks` setting is specified.	`Yes` — Exclude objects specified by the `ExcludeMasks` setting from the protection scope `No` (default value) — Do not exclude objects specified by the `ExcludeMasks` setting from the protection scope.
`ExcludeMasks`	Specifies a list of masks that define objects to be excluded from the protection scope. Before specifying this setting, make sure the `UseExcludeMasks` setting is set to `Yes`. Masks are specified in command shell format. If you want to specify several masks, specify each mask on a new line with a new index (`ExcludeMasks.item_0000, ExcludeMasks.item_0001`).	The default value is not defined.
The [ScanScope.item_#] section contains the scopes protected by the application. For the Anti-Cryptor task, you need to specify at least one protection area; you can only specify shared directories. You can define several [ScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. Each [ScanScope.item_#] section contains the following settings:
`AreaDesc`	Specifies the name of the protection scope.	Default value: `All shared directories`.
`UseScanArea`	Enables or disables protection of the specified scope.	`Yes` (default value) — Protect the specified scope. `No` — Do not protect the specified scope.
`Path`	Specifies the path to the objects to be protected.	Absolute path accessible via SMB/NFS (for example, `Path=/tmp`). `AllShared` (default value) — Protect all resources accessible via SMB/NFS. `Shared:SMB <path>` — Protect resources accessible via SMB. `Shared:NFS <path>` — Protect resources accessible via NFS
`AreaMask.item_#`	Specifies a command line shell mask that defines the objects to be protected. You can specify several `AreaMask.item_#` items in any order. The application will process the scopes by index in ascending order.	Default value: `*` (process all objects)
The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section are not scanned. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can define several [ExcludedFromScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. Each [ScanScope.item_#] section contains the following settings:
`AreaDesc`	Specifies the name of the scope to be excluded from scans.	Default value: `All objects`.
`UseScanArea`	Specifies whether the designated scope will be excluded from protection.	`Yes` (default value) — Exclude the specified scope from protection. `No` — Do not exclude the specified scope from protection.
`Path`	Specifies the path to the objects to be excluded from protection. You can specify only an absolute path to a local directory (for example, `/root/tmp/123`) that will not be protected by the Anti-Cryptor. You can use masks to specify the path. You can use the `` (asterisk) character to create a file or directory name mask. One `` character represents any set of characters (including the empty set) preceding the `/` character in the file or directory name. For example, `/dir//file or /dir///file`. Two consecutive `` characters represent any set of characters (including the empty set), including the `/` character, in the file or directory name. For example, `/dir/*/file/ or /dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask.	The default value is not defined.
`AreaMask.item_#`	Specifies a command line shell mask that defines the objects to be excluded from protection. You can specify several `AreaMask.item_#` items in any order. The application will process the scopes by index in ascending order.	Default value: `*` (process all objects)

Page top