Help Center/ Host Security Service/ User Guide (Paris)/ Prevention/ Ransomware Prevention/ Viewing Ransomware Protection
Updated on 2024-08-14 GMT+08:00
View PDF

Viewing Ransomware Protection

After ransomware protection is enabled, if a ransomware attack event occurs on the server, the event will be recorded and displayed in the ransomware event list. You can handle the events based on your service requirements.

Prerequisites

You have enabled premium, WTP, or container edition.

Constraints

  • After ransomware protection is enabled, you need to handle ransomware alarms and fix the vulnerabilities in your systems and middleware in a timely manner.

Checking the Ransomware Prevention Overview

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation pane, choose Prevention > Ransomware Prevention. Check ransomware prevention details.

    Table 1 Ransomware prevention parameters

    Parameter

    Description

    Example Value

    Time range

    Select a time range to check ransomware defense statistics.

    Valid values: Last 24 hours, Last 3 days, Last 7 days, Last 30 days

    Last 30 days

    Protection Statistics

    Protected Servers

    Number of servers protected against ransomware.

    -

    Events

    Number of ransomware-related events detected within the specified time range.

    -

    Protected Servers

    Server Name/ID

    Server name and ID. You can click a server name to view its details.

    -

    IP Address

    EIP and private IP address of a server.

    -

    OS

    Server OS.

    Linux

    Server Status

    Server status. It can be:

    • Running
    • Stopped

    -

    Ransomware Protection Status

    Ransomware protection status of a server. Its value can be:

    • Enabling
    • Enabled
    • Disabling
    • Disabled

    Enabled

    Policy

    Policy used for the server.

    -

    Events

    Number of events detected within the selected time range.

    -

    Policies

    Policy

    Policy name.

    -

    Action

    Action of a policy. Its value can be:

    • Report alarm: If a virus is detected, an alarm will be reported.
    • Report alarm and isolate: If a virus is detected, an alarm will be reported and the virus will be isolated.

    Report alarm and isolate

    Honeypot Protection

    Files and directories that store invalid data on servers and are used as honeypots.

    If ransomware prevention is enabled, this function is enabled by default.

    After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance.

    Enabled

    OS

    OS of the server to which the target policy is bound.

    Windows

    Associated Servers

    Number of servers associated with the policy.

    -

Parent topic: Ransomware Prevention