Protection of shared folders against external encryption

The component monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.

Protection of shared folders against external encryption provides for analysis of activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Embedded Systems Security performs the selected action.

If an attempt to modify files in shared folders is detected, Kaspersky Embedded Systems Security performs the following actions:

• Blocks access to file modification for the session that initiated the malicious activity (the file will be read-only).
• Creates backup copies of files that are being modified.
• Adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
• Also, if the Remediation Engine component is enabled, the modified files are restored from backup copies.

In this section Enabling and disabling protection of shared folders against external encryption Creating the protection scope Adding trusted computers for external data encryption Configuring the blocking period for an untrusted computer Exporting and importing a list of exclusions from protection of shared folders against external encryption

Page top