Creating a Protection Policy
To protect your servers from ransomware, you can create a policy, set critical file paths in the policy, and enable machine learning.
Machine learning automatically collects and aggregates normal application behavior on the servers associated with the policy. Operations on files performed by untrusted applications or applications that are not specified in the policy will trigger alarms.
Ransomware prevention is a trial function in the current version. To use stronger functions, purchase HSS (New).
Prerequisites
- The enterprise or WTP edition HSS has been enabled.
- The Agent Status of the Linux server is Online.
Creating a Linux Protection Policy
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose .
- On the Ransomware page, click the Policies tab, and click Create Policy, as shown in Figure 1.
- Set policy details, as shown in Figure 2.
Table 1 Policy parameters Parameter
Description
Policy Name
Ransomware prevention policy name
Bait File
If you enable the bait file function, HSS will put a bait file on each protected server to trap and kill ransomware.
Intelligent Learning Period
Select 7 days, 15 days, or 30 days.
HSS uses a machine learning engine to identify if an application has possibly tampered with any of the files on your servers.
Action
Action taken when suspicious operations on monitored files are detected. For example, report alarms.
Monitored Locations
Path of monitored files. Multiple paths are separated by semicolons (;). Operations on the files in these paths are monitored.
Example: /opt;/opt/sap
NOTE:You are advised to configure this parameter to specific file paths. To protect all paths, set this parameter to --.
File Types
Extension of monitored files. Multiple paths are separated by semicolons (;).
Example: sql;txt;sh
- Click Add Server. In the displayed Add Server dialog box, select associated servers, as shown in Figure 3.
- Click OK.
- You can check the name, IP address, and system of the associated server.
- To remove an associated server, click Delete in the Operation column.
- Click Create and Learn.
Created policies will be displayed in the policy list, as shown in Figure 4.
Table 2 Policy list parameters Parameter
Description
Policy Name
Intelligent learning policy name
Servers Protected
Number of servers protected by the policy
Servers Being Studied
Number of servers where the learning is performed
Trusted Processes
Number of trusted processes. After the intelligent learning policy takes effect, HSS automatically identifies and counts trusted processes on your server.
Monitored Locations
Locations of monitored files
File Types
Extensions of monitored files
Action
Action taken when suspicious operations on monitored files are detected.
Example: Report alarm
Bait File
- Enabled: The bait file function is enabled. HSS puts a bait file on each protected server. Ransomware attempting to encrypt bait files will trigger alarms immediately.
- Disabled: The bait file function is disabled.
Creating a Windows Protection Policy
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose .
- On the Ransomware page, click the Policies tab, and click Create Policy, as shown in Figure 5.
- Set policy details, as shown in Figure 6.
Table 3 Basic information parameters Parameter
Description
Policy Name
Ransomware prevention policy name
Intelligent Learning Period
Select 7 days, 15 days, or 30 days.
HSS uses a machine learning engine to identify if an application has possibly tampered with any of the files on your servers.
Action
Action taken when suspicious operations on monitored files are detected. For example, report alarms.
Monitored Locations
Path of monitored files. Multiple paths are separated by semicolons (;). Operations on the files in these paths are monitored.
If no paths are specified, all the files on the servers associated to the policy are monitored.
File Types
Extension of monitored files. Multiple paths are separated by semicolons (;).
- Click Add Server. In the displayed Add Server dialog box, select associated servers, as shown in Figure 7.
- Click OK.
- You can check the name, IP address, and system of the associated server.
- To remove an associated server, click Delete in the Operation column.
- Click Create and Learn.
Created policies will be displayed in the policy list, as shown in Figure 8.
Table 4 Policy list parameters Parameter
Description
Policy Name
Intelligent learning policy name
Servers Protected
Number of servers protected by the policy
Servers Being Studied
Number of servers where the learning is performed
Trusted Processes
Number of trusted processes. After the intelligent learning policy takes effect, HSS automatically identifies and counts trusted processes on your server.
Monitored Locations
Path of monitored files. Multiple paths are separated by semicolons (;). Operations on the files in these paths are monitored.
If no paths are specified (-- is displayed), all the files on the servers associated to the policy are monitored.
File Types
Extension of monitored files. Multiple paths are separated by semicolons (;).
Action
Action taken when suspicious operations on monitored files are detected.
For example, report alarms.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot