About the Anti-Cryptor for NetApp

The Anti-Cryptor for NetApp provides encryption protection for the folders on the Network Attached Storages. If any malicious encrypting is detected, Kaspersky Security for Windows Server blocks access to the folders of the protected network attached storage.

To operate on network attached storage, Kaspersky Security for Windows Server must be connected to a protected storage as an external engine. The connection implies receiving notifications about file operations that have been performed on a protected network attached storage by the external engine; analyzing the patterns on the file operations received and sending conclusions about the file activity (whether it can be estimated as an encryption attempt or not); blocking the compromised hosts. In order to start the Anti-Cryptor for NetApp task the server (with Kaspersky Security for Windows Server installed) must be specified as the primary FPolicy server on the network attached storage side. FPolicy is a file access notification framework that is used to monitor and manage file access events on Storage Virtual Machines (SVMs) with FlexVol volumes. The framework generates notifications that are sent to external FPolicy servers.

The Fpolicy is not supported for FlexGroup volumes, hence the Anti-Cryptor for NetApp component cannot be configured to protect the network attached storages with FlexGroup volumes.

Notifications from network attached storage to an external server are sent via the FPolicy protocol, only in a synchronous mode. The server analyzes each notification before allowing a file operation.

The external engine (Kaspersky Security for Windows Server) and a protected network attached storage are connected using the FPolicy protocol.

To configure the protection you need to:

1. Create and configure the FPolicy on the protected network attached storage side.
2. Specify Kaspersky Security for Windows Server as an FPolicy server on a protected network attached storage side. Kaspersky Security for Windows Server will be recognized as an external server.
3. Configure the Anti-Cryptor for NetApp task settings in Kaspersky Security for Windows Server.

To complete the required configuration you need the following data:

• SVM machine name.
• External server IP address and the name assigned to it.
• Full list of cluster nodes of the protected network attached storage along with their names.
• Cluster management interface address.
• Created FPolicy name.
• Port for establishing a secure connection between the protected network attached storage and the external server.
• Credentials (login and password):
  • for a user allowed to access network attached storage shared folders;
  • for the CDOT Local Administrator.

All these settings must be specified during the FPolicy creation and when the Anti-Cryptor for NetApp task is configured on the Kaspersky Security for Windows Server.

For detailed instructions on how to create the FPolicy please see the following article.

Page top