Managing Protection Policies

Constraints

Only premium, WTP, and container editions support ransomware protection.

Creating a Policy

1. Log in to the management console.
2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
3. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. Click Add Server.

4. In the slide pane that is displayed, select Linux, enable protection, and select Create new. For more information, see Table 1.
   The following uses a Linux server as an example.

   Table 1 Protection policy parameters

   Parameter	Description	Example Value
   Policy	Policy name	test
   Action	Indicates how an event is handled. Report alarm and isolate Report alarm	Report alarm and isolate
   Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.	Enabled
   Honeypot File Directories	Protected directories (excluding subdirectories). Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers.	Linux: /etc/lesuo Windows: C:\Test
   Excluded Directory (Optional)	Directories where honeypot files are not deployed. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.	Linux: /test Windows: C:\ProData
   Protected File Type	Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only.	Select all
   (Optional) Process Whitelist	Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers.	-

5. Click Next and select servers. You can search for a server by its name or by filtering.
6. Click OK to enable ransomware protection and create the policy.
7. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab and check the new policy.

Modifying a Policy

1. Log in to the management console and go to the HSS page.
2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
3. Click Edit in the Operation column of a policy. Edit the policy configurations and associated servers. For more information, see Protection policy parameters.
   The following uses a Linux server as an example.

   Table 2 Protection policy parameters

   Parameter	Description	Example Value
   Policy	Policy name	test
   Action	Indicates how an event is handled. Report alarm and isolate Report alarm	Report alarm and isolate
   Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.	Enabled
   Honeypot File Directories	Protected directories (excluding subdirectories). Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers.	Linux: /etc/lesuo Windows: C:\Test
   Excluded Directory (Optional)	Directories where honeypot files are not deployed. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.	Linux: /test Windows: C:\ProData
   Protected File Type	Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only.	Select all
   (Optional) Process Whitelist	Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers.	-

4. Confirm the policy information and click OK.

Deleting a Policy

1. Log in to the management console and go to the HSS page.
2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
3. Click Delete in the Operation column of the target policy.
   

   After a policy is deleted, the associated servers are no longer protected. Before deleting a policy, you are advised to bind its associated servers to other policies.

4. Confirm the policy information and click OK.