Creating and configuring FPolicy
While creating the FPolicy for the first time, Kaspersky experts recommend to apply the configuration specified in the table below.
FPolicy settings
Parameter | String | Value | Note |
_EVENT CREATE
This parameter identifies the file operations that will be intercepted and reported to Kaspersky Security for Windows Server for analysis and detection encryption attempts. | Vserver name | <svm_name> | Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine side (Kaspersky Security for Windows Server). |
Event | <events_source> | Will be used as a source for the FPolicy. | |
Protocol | cifs |
| |
File operations | create, open, rename, write, close, setattr, delete |
| |
Filters | close-with-modification, first-write, write-with-size-change, open-with-delete-intent, open-with-write-intent |
| |
Is volume operation required | false |
| |
_ENGINE CREATE
This parameter determines the settings for the connection to an external engine (or FPolicy server).
| Vserver name | <svm_name> | Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. |
Engine | <engine_name> | External engine name. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. | |
Primary FPolicy servers | <primary_server_ip> | Only one server is allowed. | |
Port Number of FPolicy Service | <port_number> | 1346 is recommended. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. | |
Secondary FPolicy servers | <secondary_server_ip> | If a primary server is selected, the secondary server is not available. | |
External Engine Type | Synchronous | Asynchronous mode is not supported. | |
SSL option for external communication | No-auth |
| |
FQDN or CCN | - |
| |
Serial Number of Certificate | - |
| |
Certificate Authority | - |
| |
_POLICY CREATE
This parameter determines the future FPolicy settings. | Vserver name | <svm_name> | Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. |
Fpolicy | <fpolicy_name> | Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. | |
Events to Monitor | <events_source> |
| |
FPolicy Engine | <engine_name> | External engine string name. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine. | |
Is mandatory screening required | true |
| |
Allow privileged access | yes |
| |
User name for privileged access | <user_name> | The same value must be specified in the Anti-Cryptor for NetApp task settings for the Credentials field to access shared folders on network attached storage.
| |
Is passthrough read enabled | false |
| |
_SCOPE CREATE
This parameter determines the protection scope covered by the external engine. | Vserver name | <svm_name> | We recommend that you specify the widest possible area for protecting the network attached storage. We recommend that you add exclusions in the Anti-Cryptor for NetApp task settings.
|
Policy | <fpolicy_name> |
We recommend that you specify the highlighted values in the table. Other values may vary depending on your requirements.
If FPolicy settings are changed on the network attached storage while the Anti-Cryptor for NetApp task is running, the Anti-Cryptor for NetApp task must be restarted to apply the new settings.
