Protection of shared folders against external encryption provides for analysis of activity in shared folders. Kaspersky Security monitors the following operations performed from a remote device:
Kaspersky Security monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with the EFS file system.
When Kaspersky Security detects an attempt to modify files in shared folders, it creates backup copies of the files being modified and analyzes the detected activity. If the activity in shared folders matches a behavior stream signature that is typical for external encryption, Kaspersky Security performs the selected action. By default, when Kaspersky Security detects external encryption of shared folders, it blocks the network activity of the device attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center.
If rollback of malware actions is enabled in the System Watcher settings, when Kaspersky Security detects external encryption of files in shared folders it can also restore the modified files from backup copies. Information about this is also written to a local interface report and is sent to Kaspersky Security Center.
You can configure the protection of shared folders against external encryption as follows: