Enabling and disabling protection of shared folders against external encryption
By default, protection of shared folders against external encryption is enabled and working in the mode that is recommended by Kaspersky experts. To configure this functionality, you can create a protection scope and, if necessary, configure exclusions. By default, the application automatically identifies shared folders and tracks file activity in all folders. If an attempt at external encryption of files in shared folders is detected, Kaspersky Embedded Systems Security blocks the session of the remote user for one hour (by default).
After Kaspersky Embedded Systems Security is installed, the protection of shared folders against external encryption will be limited until the computer is restarted.
In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
In the policy properties window, select Real-Time Computer Protection.
In the Behavior Detection section, click Settings.
Select or clear the Behavior Detection check box to enable or disable the component.
Go to the Protection of shared folders tab.
Use the Protect shared folders check box to enable or disable the option.
Select the relevant action in the Protection of shared folders against external encryption block:
Block connection forN min. If this option is selected, when Kaspersky Embedded Systems Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection forN min option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Embedded Systems Security adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.
Save your changes. To apply the policy on computers, close the locks .
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Embedded Systems Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Real-Time Computer Protection → Behavior Detection and click the Configure button.
The Behavior Detection window opens.
Use the Enable Behavior Detection check box to enable or disable the component.
Go to the Protection of shared folders tab.
Use the Enable protection of shared folders against external encryption check box to enable or disable the option.
Select the relevant action in the Detection of external encryption block:
Block connection. If this option is selected, when Kaspersky Embedded Systems Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Embedded Systems Security adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.
Save your changes. To apply the policy on computers, close the locks .
In the Kaspersky Embedded Systems Security Console tree, select Real-Time Computer Protection → Behavior Detection.
In the results pane of the Behavior Detection node, click Properties.
This opens the Properties:Behavior Detection window.
Select the Behavior Detection check box.
Go to the Protection of shared folders tab.
Use the Protect shared folders check box to enable or disable the option.
Select the relevant action in the Protection of shared folders against external encryption block:
Block connection forN min. If this option is selected, when Kaspersky Embedded Systems Security detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection forN min option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Embedded Systems Security adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.
.
.