Anti-Cryptor

for Windows and Linux

Windows For Windows devices, the component monitors operations only for files that are at the NTFS file system level and are not encrypted by the EFS system.

Linux For Linux devices, the component analyzes files in local directories with network access over SMB/NFS.

The Anti-Cryptor component protects from remote encryption by analyzing activity in network shares. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action.

Linux Before enabling the component on Linux devices, make sure to read and understand the information about Anti-Cryptor.

For the Anti-Cryptor component to work, you must enable the Behavior Detection component.

Anti-Cryptor settings for Pro View

Settings	OS	Description
Action on threat detection	`Windows` `Linux`	Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to the list of active threats, and adds an entry to the report. Block connection for (min). `Windows` If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files. `Linux` When Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks network traffic from the device that is engaged in malicious activity. The application creates an Encryption detected event that contains information about the compromised device.

Settings

Description

Action on threat detection

Windows

Linux

Inform. If this option is selected, on detecting an attempt to modify files in shared folders, Kaspersky Endpoint Security adds information about this attempt to the list of active threats, and adds an entry to the report.

Block connection for (min).

Windows If this option is selected, when Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks access to file modification for the session that initiated the malicious activity and creates backup copies of the modified files.

Linux When Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it blocks network traffic from the device that is engaged in malicious activity. The application creates an Encryption detected event that contains information about the compromised device.

Page top