How to protect against cryptoviruses in Kaspersky Endpoint Security 10 for Windows
This article concerns Kaspersky Endpoint Security 10 for Windows:
- Service Pack 1 Maintenance Release 4 (version 10.2.6.3733)
- Service Pack 1 Maintenance Release 3 (version 10.2.5.3201)
- Service Pack 1 Maintenance Release 2 (version 10.2.4.674)
To reduce the risk of being infected by cryptoviruses (malware that encrypts your files and demands a ransom), we recommend that you enable the following protection components:
- System Watcher and BSS. System Watcher collects data on the actions of applications on your computer, while BSS monitors their behavior.
- Application Privilege Control. This component enables a more thorough analysis of suspicious files and increases the probability of malware detection.
- Kaspersky Security Network.
How to configure the settings locally
- Open Kaspersky Endpoint Security 10 for Windows.
- In the Settings tab, select Endpoint control → Application Privilege Control and click the Resources button.
- Select the Personal data node, click Add and select Category.
- Create a category called Protected file types and create several subcategories within it (Documents, Images, etc.).
- Select the category corresponding to the protected file type (for example, Documents for files with the *.doc extension), click Add and select File or folder. Specify a mask for the file type using an asterisk: *.<extension>
- Add the other file types the same way.
- Configure access permissions for the Protected file types category for applications with high and low restrictions by blocking Write, Delete and Create actions. Make sure that the applications you often use with protected file types are in the Trusted group.
If your browser is located in a group with high or low restrictions, it will not be possible to download protected files.
How to configure the settings via Kaspersky Security Center 10
- Open the Administration Console, go to the Managed devices node and select the Policies tab.
- Open the active Kaspersky Endpoint Security policy, select Endpoint control → Application Privilege Control and click the Settings button.
- Select the Personal data node, click Add and select Category.
- Create several categories (for example, Documents, Images, etc.).
- Select the category corresponding to the protected file type (for example, Documents for files with the *.doc extension), click Add and select File or folder. Specify the mask for the file type using an asterisk: *.<extension>
- Add the other file types the same way.
- Configure access permissions for the Protected file types category for applications with high and low restrictions by blocking Write, Delete and Create actions. Enable Log events for each of them. Make sure that the applications you often use with protected file types are in the Trusted group.
- Go to the Event notification section and open the Info tab. Open the properties for Application Privilege Control rule triggered.
- Click the checkbox beside On Administration Server for (days). If necessary, you can configure the settings to send the events to your email.
The server can register a large number of events. As the Kaspersky Security Center database fills up, new events replace the oldest ones.
After configuring these settings, you will be able to monitor when the files you have specified are launched. If one of these files launches on any computer, Kaspersky Security Center will register an event.
- Save the policy.
Before installing patches for Kaspersky Lab products, it is necessary to temporarily restore initial settings.
To be able to use all the functions of Kaspersky Security Center Remote Diagnostic Utility, restore initial settings or disable the Application Privilege Control component.
If your browser is located in a group with high or low restrictions, then it will not be possible to download protected files.
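An added example (not Kaspersky code) for reviewing the logged Application Privilege Control events: it groups blocked Write, Delete and Create attempts on protected file types by computer and application, so a single restricted application hitting many protected files stands out from an isolated blocked download. The event tuple layout, the computer and application names and the `threshold` parameter are assumptions made for illustration; the real Kaspersky Security Center event format is not shown on this page.

```python
from collections import defaultdict
from fnmatch import fnmatch

# Masks in the article's *.<extension> form, grouped by category
# (a subset of the article's file type list).
PROTECTED_MASKS = {
    "Documents": ["*.doc", "*.docx", "*.pdf", "*.xls", "*.xlsx", "*.rtf"],
    "Images": ["*.jpg", "*.jpeg", "*.png", "*.psd"],
    "Archives": ["*.rar", "*.zip", "*.7z"],
    "Databases": ["*.mdb", "*.sqlite", "*.sql"],
}
# The actions the article says to block for restricted applications.
BLOCKED_ACTIONS = {"Write", "Delete", "Create"}

def category_for(path):
    """Return the protected category whose mask matches the file name, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for category, masks in PROTECTED_MASKS.items():
        if any(fnmatch(name, mask) for mask in masks):
            return category
    return None

def summarize(events, threshold=3):
    """Count blocked actions on protected files per (host, application).

    Only pairs with at least `threshold` hits are returned (assumed cut-off).
    """
    counts = defaultdict(lambda: defaultdict(int))
    for host, application, action, path in events:
        category = category_for(path)
        if action in BLOCKED_ACTIONS and category:
            counts[(host, application)][category] += 1
    return {pair: dict(by_cat) for pair, by_cat in counts.items()
            if sum(by_cat.values()) >= threshold}

# Constructed sample events: (host, application, action, path).
SAMPLE_EVENTS = [
    ("WS-014", "updater.exe", "Write", r"C:\Users\anna\Documents\budget.xlsx"),
    ("WS-014", "updater.exe", "Delete", r"C:\Users\anna\Documents\budget.xlsx"),
    ("WS-014", "updater.exe", "Write", r"C:\Users\anna\Pictures\scan.JPG"),
    ("WS-014", "updater.exe", "Create", r"C:\Users\anna\Documents\notes.txt"),
    ("WS-014", "updater.exe", "Read", r"C:\Users\anna\Documents\plan.docx"),
    ("WS-022", "browser.exe", "Create", r"C:\Users\ivan\Downloads\invoice.pdf"),
]

if __name__ == "__main__":
    for pair, by_category in summarize(SAMPLE_EVENTS).items():
        print(pair, by_category)
```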
File types
These are the file types that are most often encrypted by ransomware:
File type | Extension |
---|---|
Documents | .doc .docx .pdf .xls .xlsx .ppt .pptx .rtf .odt .odp .ods .djvu |
Images | .jpg .jpeg .bmp .gif .png .psd .cdr .dwg .max .3ds |
Archives | .rar .zip .7z .tar .gz |
Multimedia | .avi .mp3 .wav .mkv .flac .mp4 .mov .wmv |
Databases | .mdb .1cd .sqlite .sql |
Other | .kwm .iso .torrent .php .c .cpp .pas .cer .key .pst .lnk |
How to submit suspicious files for analysis
If you have detected a suspicious file which might have infected your computer or encrypted your files, you can send a request to Kaspersky Lab Technical Support. Attach the file to your request and add the comment “possible cryptovirus”. You can find the files that were deleted during disinfection in backup storage.
- Open Kaspersky Endpoint Security 10 for Windows.
- Go to Quarantine and then open the Backup tab.