Configuring exclusions from protection against external encryption
January 10, 2024
To enable exclusions from protection of shared folders against external encryption, you must enable auditing of successful attempts to log in to the system (select the Success check box for the "Audit Logon" setting) in the Windows security policy. For details, please visit the Microsoft website.
You can exclude remote device from protection of shared folders against external encryption by adding the name or IP address of the remote device to the exclusion list. The application will not monitor network activity from this device in relation to shared folders.
If you added the address of a remote device that accessed shared folders before Kaspersky Security was started to the list of exclusions from shared folder protection, the exclusion will not be applied for this device. You need to restart this device after starting Kaspersky Security to disregard the network activity from this device during protection of shared folders against external encryption.
You can also exclude an individual folder from protection of shared folders against external encryption. To do so, you need to configure a folder exclusion to be used by the System Watcher component. Exclusions are configured in the General protection settings section.
To use Kaspersky Security Center to exclude a remote device from protection of shared folders against external encryption:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the General settings section, click the Settings button.
- In the Settings window that opens, click the Exclusions button.
- In the Exclusions window that opens, do one of the following:
- If you want to add an IP address or device name to the list of exclusions, click the Add button.
- If you want to edit an IP address or device name, select it in the list of exclusions and click the Edit button.
- In the Computer window that opens, enter the IP address or the name of the device whose attempts to modify files in shared folders will not be monitored.
- In the Computer window, click OK.
- Click OK in the Exclusions window.
- Click the Apply button.
To use the local interface to exclude a remote device from protection of shared folders against external encryption:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
- Click the Settings button.
The Settings window opens.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–11 of the previous instructions.
- To save changes, click the Save button.