Anti-Cryptor task settings

This section provides information about the settings you can specify for the Anti-Cryptor task.

All available values and default values for each setting are described.

UseHostBlocker

Enables or disables blocking of untrusted hosts.

If blocking of untrusted hosts is disabled, Kaspersky Endpoint Security still scans remote computers' actions on network file resources for malicious encryption while the Anti-Cryptor task is running. If malicious activity is detected, the EncryptionDetected event is created, but the attacking host is not blocked.

Available values:

Yes—Enable blocking of untrusted hosts

No—Disable blocking of untrusted hosts

Default value: Yes

BlockTime

Specifies the time to block an untrusted host (in minutes).

If a compromised host is already blocked and you change the value of the BlockTime setting, the blocking time for this host does not change. The blocking time is not a dynamic value; it is calculated at the moment of blocking.

Available values:

Integer from 1 to 4294967295

Default value: 30

UseExcludeMasks

Enables or disables the exclusion from protection scope of objects specified by the ExcludeMasks setting.

This setting works only with the ExcludeMasks setting specified.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting from the protection scope

No—Do not exclude objects specified by the ExcludeMasks setting from the protection scope

Default value: No

ExcludeMasks

Specifies a list of masks that define objects to be excluded from the protection scope.

Before specifying this parameter, make sure the UseExcludeMasks setting’s value is set to Yes.

Masks are specified in command shell format.

If you want to specify several masks, specify each mask on a new line with a new index (ExcludeMasks.item_0000, ExcludeMasks.item_0001).

Default value: not defined

Section [ScanScope.item_#]

[ScanScope.item_#] sections specify scopes to be protected by Kaspersky Endpoint Security. At least one protection scope must be specified for the Anti-Cryptor task.

For the Anti-Cryptor task, only shared directories can be specified.

You can define several [ScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security processes the scopes in ascending order of item index.

Each [ScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the protection scope.

Default value: AllSharedFolders

UseScanArea

Enables or disables protection of the specified scope.

Available values:

Yes—Protect a specified scope

No—Do not protect a specified scope

Default value: Yes

Path

Specifies the path to the objects to be protected.

Available values:

absolute path available via SMB / NFS (for example, Path=/tmp)

AllShared—Protect all resources shared via SMB / NFS

Shared:SMB <path>—Protect resources shared via SMB

Shared:NFS <path>—Protect resources shared via NFS

Default value: AllShared

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be protected.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes in ascending order.

Default value: * (all objects will be processed)

Section [ExcludedFromScanScope.item_#]

[ExcludedFromScanScope.item_#] sections specify the objects to be excluded from all [ScanScope.item_#] sections.

Objects that match the rules of any [ExcludedFromScanScope.item_#] section are not scanned. The format of an [ExcludedFromScanScope.item_#] section is similar to the format of a [ScanScope.item_#] section.

You can define several [ExcludedFromScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security processes the scopes in ascending order of item index.

Each [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the scope to be excluded from scanning.

Default value: All objects

UseScanArea

Specifies whether the specified scope will be excluded from the protection.

Available values:

Yes—Exclude a specified scope from the protection

No—Do not exclude the specified scope from the protection

Default value: Yes

Path

Specifies the path to the objects to be excluded from the protection.

You can specify only an absolute path to a local directory (for example, /root /tmp/123) that will not be protected by the Anti-Cryptor.

Default value: not defined

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be excluded from the protection.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes in ascending order.

Default value: * (all objects will be processed)
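The following added example (not part of the product documentation) audits an Anti-Cryptor settings file against the rules described on this page: host blocking, the BlockTime range, the UseExcludeMasks/ExcludeMasks dependency, and the requirement for at least one protection scope. The key=value file layout, the sample values, the fallback to documented defaults for missing keys, and the audit_anti_cryptor helper are assumptions made for illustration.

```python
import configparser

# Constructed sample settings file; the key=value layout is an assumption
# based on the setting and section names documented above.
SAMPLE = """\
UseHostBlocker=No
BlockTime=0
UseExcludeMasks=No
ExcludeMasks.item_0000=*.bak
[ScanScope.item_0000]
AreaDesc=Finance share
UseScanArea=No
Path=Shared:SMB /srv/finance
AreaMask.item_0000=*
"""

def audit_anti_cryptor(text):
    """Return findings for an Anti-Cryptor settings file (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string("[general]\n" + text)  # general settings have no section header
    gen = cp["general"]
    findings = []
    if gen.get("UseHostBlocker", "Yes") != "Yes":
        findings.append("UseHostBlocker=No: EncryptionDetected is logged, host is not blocked")
    block = gen.get("BlockTime", "30")
    if not (block.isdigit() and 1 <= int(block) <= 4294967295):
        findings.append(f"BlockTime={block}: outside 1..4294967295")
    masks = [k for k in gen if k.startswith("ExcludeMasks.item_")]
    use_masks = gen.get("UseExcludeMasks", "No") == "Yes"
    if masks and not use_masks:
        findings.append("ExcludeMasks set but UseExcludeMasks=No: masks are not applied")
    if use_masks and not masks:
        findings.append("UseExcludeMasks=Yes but no ExcludeMasks items are defined")
    scopes = sorted(s for s in cp.sections() if s.startswith("ScanScope.item_"))
    active = [s for s in scopes if cp[s].get("UseScanArea", "Yes") == "Yes"]
    if not scopes:
        findings.append("no [ScanScope.item_#] section: at least one is required")
    elif not active:
        findings.append("every ScanScope has UseScanArea=No: nothing is protected")
    for s in scopes:
        path = cp[s].get("Path", "AllShared")
        if not (path == "AllShared" or path.startswith(("/", "Shared:SMB ", "Shared:NFS "))):
            findings.append(f"[{s}] Path={path}: not an absolute path or Shared: form")
    return findings

if __name__ == "__main__":
    for finding in audit_anti_cryptor(SAMPLE):
        print("-", finding)
```
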
