By default, when Kaspersky Security detects encryption of files in shared folders, it blocks the network activity of the computer attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center. If rollback of malware actions is enabled in the System Watcher settings, Kaspersky Security can also restore modified files from their backup copies.
You can change the action taken by Kaspersky Security when it detects external encryption of shared folders.
To select the action of System Watcher through Kaspersky Security Center:
In the right part of the window, the System Watcher component's settings are displayed.
The Settings window opens.
If this option is selected and Kaspersky Security detects encryption of files in shared folders, it writes information about the detected malicious activity to a local interface report and sends this information to Kaspersky Security Center, and adds information about this to the list of unprocessed objects.
Kaspersky Security does not restore modified files from their backup copies even if rollback of malware actions is enabled in the System Watcher settings.
If this option is selected and Kaspersky Security detects encryption of files in shared folders, it blocks the network activity of the computer attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center. In the Block connection for N minutes field you can specify the amount of time (in minutes) that the network connection will be blocked. The default value is 60 minutes.
If rollback of malware actions is enabled in the System Watcher settings, Kaspersky Security also restores modified files from their backup copies.
This action is set by default.
If network activity of the computer has been previously blocked (the Block connection action is selected), when the action is changed to Inform it remains blocked for the specified amount of time.
To select the action of System Watcher in the local interface:
In the right part of the window, the System Watcher component's settings are displayed.
The Settings window opens.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.