Updated on 2022-09-08 GMT+08:00

Handling an Alarm Event

If a ransomware protection policy takes effect on servers, HSS will check operations performed on monitored files on the servers, mark the operations as trusted or untrusted, and report alarms on operations performed by the applications that are untrusted or not specified in the policy.

The event management page displays untrusted operations that match a policy and the operations performed by applications that are not specified in any policies.

You should manually check untrusted events and prevent them from harming your servers.

You are advised to pay attention to these events and handle them in a timely manner.

Ransomware prevention is a trial function in the current version. To use stronger functions, purchase HSS (New).

Checking the Alarm Event List

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. On the Ransomware page, click the Events tab, as shown in Figure 1.

    Figure 1 Ransomware prevention events

    Table 1 Ransomware prevention event parameters

    | Parameter            | Description                                                              |
    |----------------------|--------------------------------------------------------------------------|
    | File Path            | Path of the file operated by an application                              |
    | Affected Server & IP | Name and IP address of the server where the file operation is performed  |
    | Process Path         | Path of the application that performs operations on files                |
    | Signature Issuer     | Signature issuer                                                         |
    | Matched Policy       | Policy that matches the alarm                                            |
    | Reported             | Time when an alarm is reported                                           |
    | Status               | Event status. Its value can be Handled or Unhandled.                     |

Handling an Alarm Event

  1. In the Operation column of an event, click Handle, as shown in Figure 2.

    Figure 2 Checking ransomware prevention events

  2. In the displayed dialog box, select Trusted or Untrusted, as shown in Figure 3.

    Figure 3 Handling ransomware events

    Table 2 Event handling parameters

    | Marked As | Description                                                                                                       |
    |-----------|-------------------------------------------------------------------------------------------------------------------|
    | Trusted   | An application marked as trusted will not trigger alarms if it performs operations on files under monitored paths. |
    | Untrusted | An application marked as untrusted will trigger alarms if it performs operations on files under monitored paths.   |

  3. Click OK.