Kaspersky Security 11.x for Windows Server

Creating and configuring FPolicy

June 10, 2022

ID 158447

While creating the FPolicy for the first time, Kaspersky experts recommend to apply the configuration specified in the table below.

FPolicy settings






This parameter identifies the file operations that will be intercepted and reported to Kaspersky Security for Windows Server for analysis and detection encryption attempts.

Vserver name


Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine side (Kaspersky Security for Windows Server).



Will be used as a source for the FPolicy.



File operations

create, open, rename, write, close, setattr, delete


close-with-modification, first-write, write-with-size-change, open-with-delete-intent, open-with-write-intent

Is volume operation required



This parameter determines the settings for the connection to an external engine (or FPolicy server).

Vserver name


Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.



External engine name. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.

Primary FPolicy servers


Only one server is allowed.

Port Number of FPolicy Service


1346 is recommended. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.

Secondary FPolicy servers


If a primary server is selected, the secondary server is not available.

External Engine Type


Asynchronous mode is not supported.

SSL option for external communication




Serial Number of Certificate


Certificate Authority



This parameter determines the future FPolicy settings.

Vserver name


Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.



Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.

Events to Monitor


FPolicy Engine


External engine string name. Must coincide with the value specified in the Anti-Cryptor for NetApp task settings on the external engine.

Is mandatory screening required


Allow privileged access


User name for privileged access


The same value must be specified in the Anti-Cryptor for NetApp task settings for the Credentials field to access shared folders on network attached storage.

Is passthrough read enabled



This parameter determines the protection scope covered by the external engine.

Vserver name


We recommend that you specify the widest possible area for protecting the network attached storage. We recommend that you add exclusions in the Anti-Cryptor for NetApp task settings.



We recommend that you specify the highlighted values in the table. Other values may vary depending on your requirements.

If FPolicy settings are changed on the network attached storage while the Anti-Cryptor for NetApp task is running, the Anti-Cryptor for NetApp task must be restarted to apply the new settings.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.