Enabling Ransomware Prevention and Backup
Once being attacked by ransomware, we need to identify and isolate ransomware and back up and restore service data in a timely manner. HSS uses ransomware detection engines and dynamic honeypots to prevent ransomware from intruding your system, encrypting data, or spreading to other devices. HSS can detect and remove ransomware in seconds, back up and recover service data in minutes, and provide industry-leading ransomware prevention and control capabilities.
You can enable ransomware prevention and backup to defend against ransomware attacks and reduce service loss risks, enhancing the ransomware prevention capabilities.
Step 1: Enabling Ransomware Prevention
If the version of the agent installed on the Linux server is 3.2.8 or later or the version of the agent installed on the Windows server is 4.0.16 or later, ransomware prevention is automatically enabled with the HSS premium, WTP, or container edition. If the agent version does not support the automatic enabling of ransomware prevention, you can manually enable it.
- Log in to the management console.
- Choose .
- Click the Protected Servers tab.
- In the Ransomware Prevention Status column of a server, click Enable.
You can also select multiple servers and click Enable Ransomware Prevention above the server list.
- In the Enable Ransomware Prevention dialog box, confirm the server information and select a protection policy.
- Click OK.
If the Ransomware Prevention Status of the server changes to Enabled, ransomware protection is enabled successfully.
Step 2: Configuring a Ransomware Prevention Policy
Configure honeypot file directories, excluded directories, and protected file types based on service requirements.
- Log in to the management console.
- Choose .
- Click the Protected Servers tab.
- In the row of the target server, click the policy name in the Policy column. The Edit Policy page is displayed.
- Configure the policy information by referring to Table 1.
Table 1 Protection policy parameters Parameter
Description
Example Value
OS
Server OS.
Linux
Policy
Policy name.
test
Action
How an event is handled.
- Report alarm and isolate
- Report alarm
Report alarm and isolate
Honeypot File Directories
Directory that need to be protected by static bait (excluding subdirectories). You are advised to configure important service directories or data directories.
Separate multiple directories with semicolons (;). You can configure up to 20 directories.
This parameter is mandatory for Linux servers and optional for Windows servers.
Linux: /etc
Windows: C:\Test
Excluded Directory (Optional)
Directory that does not need to be protected by bait files.
Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.
Linux: /etc/lesuo
Windows: C:\Test\ProData
Protected File Type
Types of files to be protected.
More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.
This parameter is mandatory for Linux servers only.
Select all
(Optional) Process Whitelist
Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms.
This parameter is mandatory only for Windows servers.
-
- Confirm the policy information and click OK.
Step 3: Enabling Backup
To prevent service loss caused by ransomware attacks, enable the backup function for your servers to periodically back up service data.
If you do not have available vaults, purchase one by referring to and then enable the backup function.
- Log in to the management console.
- Choose .
- Click the Protected Servers tab.
- Select a server and click Enable Backup in the upper part of the server list.
Figure 1 Enabling backup
- In the Enable Backup dialog box, select a vault.
A vault that meets the following conditions can be bound:
- The vault is in Available or Locked state.
- The backup policy is in Enabled state.
- The vault has backup capacity available.
- The vault is bound to fewer than 256 servers.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.