Configuring the Kaspersky Security for Windows Server

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Network Attached Storage Protection

Anti-Cryptor for NetApp

Configuring the Kaspersky Security for Windows Server

May 25, 2022

ID 158889

Get as PDF

To establish the connection between the Kaspersky Security for Windows Server Anti-Cryptor for NetApp component and a protected network attached storage, the Anti-Cryptor for NetApp settings must be configured (see table below).

Anti-Cryptor for NetApp configuration

Setting	Possible values	Default
Task mode	Notify only Active	Active
Heuristic analyzer	Light – Medium – Deep	Applied with the “medium” heuristic level.
Exclusion list	Applied for all protected shares. Exclusion criteria: Mask (folder, object, extension) Client computer IP address Trusted user	Not defined
Addressing	Cluster IP-address Full list of clusters Credentials (login and password) for the CDOT local Administrator. This setting duplicates the value that has been configured for _POLICY CREATE parameter (User name for privileged access string) Credentials (login and password) for the user that is allowed to access the network attached storage shared folders. These settings duplicate values that have been configured for _ENGINE CREATE parameter on network attached storage side. FPolicy name SVM (Vserver) name Port (1346)	Not defined
Schedule	Not applied by default. The Run by schedule check box is cleared. You can configure the run schedule.	Not defined

Blocked hosts storage usage

The Blocked hosts storage is populated when the following conditions are met:

The Anti-Cryptor for NetApp task is started in an Active mode.
Anti-Cryptor for NetApp detects an encryption attempt on protected NetApp shares.

After the encryption attempt is detected, the Anti-Cryptor for NetApp component sends information about the compromised host to the Blocked Host Storage. After that, Kaspersky Security for Windows Server creates a critical event for the host blocking and blocks any file operation executed from this host.

By default Kaspersky Security for Windows Server automatically unblocks hosts in 30 minutes after they were added to the list. Computers' access to network file resources is restored automatically after they are deleted from the list of untrusted hosts.

You can modify the blocked hosts list:

Unblock hosts manually.
Configure blocking term.

When configuring the Anti-Cryptor for NetApp task, please pay attention to the external engine type that is used in the FPolicy settings (_ENGINE CREATE parameter).

Kaspersky Security for Windows Server logs the event with the result of received conclusion and performs an action according to the task mode.

Kaspersky Security for Windows Server supports two possible configurations:

#	Network Attached Storage mode	Anti-Cryptor for NetApp task mode	Description
1	Synchronous	Notify only	This configuration provides protection from encryption in the audit mode: the application only logs encryption events. You can switch to configuration 2 from Kaspersky Security for Windows Server.
2	Synchronous	Active	This configuration provides full protection: all compromised hosts are stored in the Blocked Hosts storage, any file operations executed by these hosts are blocked. You can switch to configuration 1 from protected network attached storage or from an external server.

See detailed information on how to configure the Blocked Hosts Storage in the Kaspersky Security for Windows Server Administrator's Guide.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.