Anti-Cryptor task settings
January 20, 2022
ID 161332
This section provides information about the settings you can specify for the Anti-Cryptor task.
All available values and default values for each setting are described.
UseHostBlocker
Enables or disables blocking of untrusted computers.
If blocking of untrusted computers is disabled, Kaspersky Endpoint Security still scans remote computers actions on network file resources for malicious encrypting when the Anti-Cryptor task is running. In case of malicious activity detection, the EncryptionDetected
event is created, but an attacking computer is not blocked.
Available values:
Yes
—Enable blocking of untrusted computers
No
—Disable blocking of untrusted computers
Default value: Yes
BlockTime
Specifies the time to block an untrusted computer (in minutes).
If a compromised computer is blocked, and you change a value for the BlockTime
setting, the blocking time for this computer will not change. The blocking time is not a dynamic value, and is calculated at the moment of blocking.
Available values:
Integer from 1
to 4294967295
.
Default value: 30
UseExcludeMasks
Enables or disables the exclusion from protection scope of objects specified by the ExcludeMasks
setting.
This setting works only with the ExcludeMasks
setting specified.
Available values:
Yes
—Exclude objects specified by the ExcludeMasks
setting from the protection scope
No
—Do not exclude objects specified by the ExcludeMasks
setting from the protection scope
Default value: No
ExcludeMasks
Specifies a list of masks that define objects to be excluded from the protection scope.
Before specifying this parameter, make sure the UseExcludeMasks
setting’s value is set to Yes
.
Masks are specified in command shell format.
If you want to specify several masks, each mask must be specified on a new line with new index specified (ExcludeMasks.item_0000
, ExcludeMasks.item_0001
).
Default value: not defined
Section [ScanScope.item_#]
[ScanScope.item_#]
sections specify scopes to be protected by Kaspersky Endpoint Security. At least one protection scope must be specified for the Anti-Cryptor task.
For the Anti-Cryptor task only shared directories can be specified.
You can define several [ScanScope.item_#]
sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by an item index in ascending order.
Each [ScanScope.item_#]
section contains the following settings:
AreaDesc
Specifies the name of the protection scope.
Default value: All shared folders
UseScanArea
Enables or disables protection of the specified scope.
Available values:
Yes
—Protect a specified scope
No
—Do not protect a specified scope
Default value: Yes
Path
Specifies the path to the objects to be protected.
Available values:
absolute path available via SMB/NFS (for example, Path=/tmp
)
AllShared
—Protect all resources shared via SMB/NFS
Shared:SMB <path>
—Protect resources shared via SMB
Shared:NFS <path>
—Protect resources shared via NFS
Default value: AllShared
AreaMask.item_#
Specifies a command line shell mask that defines the objects to be protected.
You can specify several AreaMask.item_#
items in any order. Kaspersky Endpoint Security will process items by indexes in ascending order.
Default value: *
(all objects will be processed).
Section [ExcludedFromScanScope.item_#]
[ExcludedFromScanScope.item_#]
sections specify the objects to be excluded from all [ScanScope.item_#]
sections.
All objects that match the rules of any [ExcludedFromScanScope.item_#]
section will not be scanned. A [ExcludedFromScanScope.item_#]
section format is similar to the format of a [ScanScope.item_#]
section.
You can define several [ExcludedFromScanScope.item_#]
sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by an item index in ascending order
Each [ScanScope.item_#]
section contains the following settings:
AreaDesc
Specifies the name of the scope to be excluded from scanning.
Default value: All objects
UseScanArea
Specifies whether the specifies scope will be excluded from the protection.
Available values:
Yes
—Exclude a specified scope from the protection
No
—Do not exclude the specified scope from the protection
Default value: Yes
Path
Specifies the path to the objects to be excluded from the protection.
You can specify only an absolute path to a local directory (for example, /root/tmp/123
) that will not be protected by the Anti-Cryptor.
You can use masks to specify the path.
Default value: not defined
AreaMask.item_#
Specifies a command line shell mask that defines the objects to be excluded from the protection.
You can specify several AreaMask.item_#
items in any order. Kaspersky Endpoint Security will process items by indexes in ascending order.
Default value: *
(all objects will be processed).