Protection of shared folders against external encryption

The component monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.

Protection of shared folders against external encryption provides for analysis of activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action.

If Kaspersky Endpoint Security detects an attempt to modify files in shared folders, it takes the following actions:

• Blocks access to file modification for the session that initiated the malicious activity (the file will be read-only).
• Creates backup copies of files that are being modified.
• Adds an entry to local application interface reports and sends information about the detected malicious activity to Kaspersky Security Center.
• Also, if the Remediation Engine component is enabled, the modified files are restored from backup copies.

In this section Enabling and disabling protection of shared folders against external encryption Configuring the blocking period of an untrusted computer Editing the protection scope Adding trusted computers for external data encryption Exporting and importing a list of exclusions from protection of shared folders against external encryption

Page top