Enabling and disabling protection of shared folders against external encryption
By default, protection of shared folders against external encryption is enabled and working in the mode that is recommended by Kaspersky experts. To configure this functionality, you can create a protection scope and, if necessary, configure exclusions. By default, the application automatically identifies shared folders and tracks file activity in all folders. If an attempt at external encryption of files in shared folders is detected, Kaspersky Industrial CyberSecurity for Nodes blocks the session of the remote user for one hour (by default).
After Kaspersky Industrial CyberSecurity for Nodes is installed, the protection of shared folders against external encryption will be limited until the computer is restarted.
In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
In the policy properties window, select Real-Time Computer Protection.
Click Settings in the Anti-Cryptor section.
Use the Anti-Cryptor check box to enable or disable the component.
Go to the Protection of shared folders tab.
Use the Protect shared folders check box to enable or disable the option.
Select the relevant action in the Protection of shared folders against external encryption block:
Block connection for N min. If this option is selected, when Kaspersky Industrial CyberSecurity for Nodes detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection for N min option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Industrial CyberSecurity for Nodes adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.
Save your changes. To apply the policy on computers, close the locks.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
Select the Application settings tab.
Go to Real-Time Computer Protection → Anti-Cryptor and click the Configure button.
The Anti-Cryptor window opens.
Use the Enable Anti-Cryptor check box to enable or disable the component.
Go to the Protection of shared folders tab.
Use the Enable protection of shared folders against external encryption check box to enable or disable the option.
Select the relevant action in the Detection of external encryption block:
Block connection. If this option is selected, when Kaspersky Industrial CyberSecurity for Nodes detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Industrial CyberSecurity for Nodes adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.
Save your changes. To apply the policy on computers, close the locks.
Select Real-Time Computer Protection → Anti-Cryptor in the Kaspersky Industrial CyberSecurity for Nodes Console tree.
Click Properties in the results pane of the Anti-Cryptor node.
The Properties: Anti-Cryptor window opens.
Select the Anti-Cryptor check box.
Go to the Protection of shared folders tab.
Use the Protect shared folders check box to enable or disable the option.
Select the relevant action in the Protection of shared folders against external encryption block:
Block connection for N min. If this option is selected, when Kaspersky Industrial CyberSecurity for Nodes detects an attempt to modify files in shared folders, it blocks access to file modification (read only) for the session that initiated the malicious activity and creates backup copies of the modified files.
If the Remediation Engine component is enabled and the Block connection for N min option is selected, modified files are restored from backup copies.
Inform. If this option is selected, then if an attempt to modify files in shared folders is detected, Kaspersky Industrial CyberSecurity for Nodes adds information about this file modification attempt in shared folders to the list of active threats, adds a record to reports of the local interface of the application, and sends information about malicious activity detection to Kaspersky Security Center.
If necessary, create a protection scope and configure exclusions.