Managing Ransomware Prevention Policies¶
Important
Currently, you can create a ransomware prevention policy only when enabling ransomware prevention.
Constraints¶
Only premium, WTP, and container editions support ransomware protection.
Creating a Policy¶
Log in to the management console.
Click in the upper left corner of the page, select a region, and choose Security > HSS. The HSS page is displayed.
In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. Click Add Server.
Note
If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.
In the slide pane that is displayed, select Linux or Windows, enable protection, and select Create new. For more information, see Table 1.
The following uses a Linux server as an example.
¶ Parameter
Description
Example Value
Policy
Policy name
test
Action
Indicates how an event is handled.
Report alarm and isolate
Report alarm
Report alarm and isolate
Bait File
After bait protection is enabled, the system deploys bait files in protected directories and key directories (unless otherwise specified by users). A bait file occupies only a few resources and does not affect your server performance.
If ransomware prevention is enabled, this function is enabled by default.
Note
Currently, Linux servers support dynamic generation and deployment of bait files. Windows servers support only static deployment of bait files.
Enabled
Bait File Directories
Protected directories (excluding subdirectories).
Separate multiple directories with semicolons (;). You can configure up to 20 directories.
This parameter is mandatory for Linux servers and optional for Windows servers.
Linux: /etc/lesuo
Windows: C:\Test
Excluded Directory (Optional)
Directories where bait files are not deployed.
Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.
Linux: /test
Windows: C:\ProData
Protected File Type
Types of files to be protected.
More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.
This parameter is mandatory for Linux servers only.
Select all
Click Next and select servers. You can search for a server by its name or by filtering.
Click OK to enable ransomware protection and create the policy.
In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab and check the new policy.
Modifying a Policy¶
Log in to the management console and go to the HSS page.
In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
Click Edit in the Operation column of a policy. Edit the policy configurations and associated servers. For more information, see Table 2.
The following uses a Linux server as an example. On the Protected Servers tab, you can also click the name of the policy associated with the server to edit the policy.
¶ Parameter
Description
Example Value
Policy
Policy name
test
Action
Indicates how an event is handled.
Report alarm and isolate
Report alarm
Report alarm and isolate
Bait File
After bait protection is enabled, the system deploys bait files in protected directories and key directories (unless otherwise specified by users). A bait file occupies only a few resources and does not affect your server performance.
If ransomware prevention is enabled, this function is enabled by default.
Note
Currently, Linux servers support dynamic generation and deployment of bait files. Windows servers support only static deployment of bait files.
Enabled
Bait File Directories
Protected directories (excluding subdirectories).
Separate multiple directories with semicolons (;). You can configure up to 20 directories.
This parameter is mandatory for Linux servers and optional for Windows servers.
Linux: /etc/lesuo
Windows: C:\Test
Excluded Directory (Optional)
Directories where bait files are not deployed.
Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.
Linux: /test
Windows: C:\ProData
Protected File Type
Types of files to be protected.
More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.
This parameter is mandatory for Linux servers only.
Select all
Confirm the policy information and click OK.
Deleting a Policy¶
Log in to the management console and go to the HSS page.
In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
Click Delete in the Operation column of the target policy.
Note
After a policy is deleted, the associated servers are no longer protected. Before deleting a policy, you are advised to bind its associated servers to other policies.
Confirm the policy information and click OK.