Updated on 2023-05-08 GMT+08:00

Managing Policies

Currently, you can create a ransomware prevention policy only when enabling ransomware prevention.

Constraints

  • Only Huawei Cloud servers can be protected.
  • When enabling ransomware protection, configure server backup, handle the ransomware alarms, and fix system and middleware vulnerabilities in a timely manner. If the Server Backup function is not enabled, services may not be restored after being attacked.
  • Servers that are not protected by HSS premium, WTP, or container editions do not support ransomware prevention operations.
  • In pay-per-use billing mode, ransomware protection is not supported.

Creating a Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click the menu icon, and choose Security & Compliance > Host Security Service.

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. Click Add Server.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  5. In the slide pane that is displayed, select Linux, enable protection, and select Create new. For more information, see Table 1.

    The following uses a Linux server as an example.
    Figure 2 Create a new policy
    Table 1 Protection policy parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | OS | Server OS to be protected. | Linux |
    | Ransomware Prevention | You are advised to enable ransomware protection. States: enabled, disabled. | |
    | Policy | Select an existing policy or create a new one. Options: Use existing (select an existing policy); Create new. | Create new |
    | Policy | Policy name | - |
    | Action | Indicates how an event is handled. Options: Report alarm and isolate; Report alarm. | Report alarm and isolate |
    | Bait File | After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files. | Enabled |
    | Bait File Directories | Protected directory (excluding subdirectories). Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory if OS is set to Linux. | Linux: /etc/lesuo, Windows: C:\Test |
    | Excluded Directory (Optional) | Directories where honeypot files are not deployed. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories. | Linux: /test, Windows: C:\ProData |
    | Protected File Type | Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is available only when OS is set to Linux and is mandatory. | Select all |
    | Process Whitelist | Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is available only when OS is set to Windows. | - |

  6. After the configuration is complete, click Next to configure the vault.

    Server backup must be enabled.

    Select the target vault. For details about the vault list, see Table 2.

    When selecting a vault, you are advised to determine the required capacity based on the backup rules, retention period, and server asset size. Select a vault with enough available capacity. Otherwise, the backup may fail.

    Table 2 Vault list parameters

    | Parameter | Description |
    |---|---|
    | Vault Name | Name of the target vault |
    | Vault ID | ID of the target vault |
    | Vault Status | Current status of the target vault: Available or Frozen |
    | Used/Total Vault Capacity (GB) | Current usage and total capacity of the target vault |
    | Used Capacity (GB) | Total capacity of the servers bound to the target vault. For example: Three servers with 60 GB hard disks are bound to vault A with 200 GB capacity. The used capacity is the total storage capacity of the servers bound to vault A (3 x 60 GB = 180 GB). The used capacity does not occupy the capacity of vault A. The used capacity indicates the maximum capacity required for backing up servers bound to vault A. The used capacity cannot be greater than the capacity of vault A. Otherwise, the backup may fail. |
    | Number Bound Servers | Number of servers associated with the target vault |
    | Backup Policy Status | Status of the rule for automatically backing up server data in the target vault |

  7. Click Next and select servers. You can search for a server by its name or by filtering.

    Figure 3 Selecting servers

  8. Click OK to enable ransomware protection and create the policy.
  9. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab and check the new policy.
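
The directory-field limits in Table 1 and the vault capacity rule in Table 2 can be checked before the values are entered in the console. The Python below is an added example, not Huawei Cloud code: the function names are hypothetical, the absolute-path requirement is an assumption, and nothing here calls an HSS API.

```python
from pathlib import PurePosixPath, PureWindowsPath

MAX_DIRS = 20  # limit the page states for each directory field


def _path_cls(os_name):
    # PureWindowsPath compares case-insensitively, so C:\Test == c:\test.
    return PurePosixPath if os_name == "Linux" else PureWindowsPath


def parse_dirs(field, os_name):
    """Split a semicolon-separated field into unique absolute paths."""
    dirs = []
    for raw in filter(None, (part.strip() for part in field.split(";"))):
        path = _path_cls(os_name)(raw)
        if not path.is_absolute():  # assumption: the form expects absolute paths
            raise ValueError(f"not an absolute path: {raw!r}")
        if path not in dirs:
            dirs.append(path)
    if len(dirs) > MAX_DIRS:
        raise ValueError(f"{len(dirs)} directories given, limit is {MAX_DIRS}")
    return dirs


def check_policy(os_name, bait_field, excluded_field=""):
    """Return the problems found in the two directory fields (empty = OK)."""
    bait = parse_dirs(bait_field, os_name)
    excluded = parse_dirs(excluded_field, os_name)
    problems = []
    if os_name == "Linux" and not bait:
        problems.append("Bait File Directories is mandatory on Linux")
    problems += [f"{d} is both protected and excluded" for d in bait if d in excluded]
    return problems


def unlisted_dirs(important_files, bait_field, os_name="Linux"):
    """Directories of important files that are not listed in their own right.

    A listed directory does not include its subdirectories, so every
    directory that should be protected has to appear in the field itself.
    """
    bait = parse_dirs(bait_field, os_name)
    parents = {_path_cls(os_name)(f).parent for f in important_files}
    return sorted(str(p) for p in parents if p not in bait)


def vault_fits(vault_total_gb, server_disks_gb):
    """Used capacity is the sum of bound server disks; it must fit the vault."""
    used = sum(server_disks_gb)
    return used, used <= vault_total_gb
```

With the figures from Table 2, `vault_fits(200, [60, 60, 60])` reports 180 GB used and passes; binding a fourth 60 GB server to the same vault would not.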

Modifying a Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click the menu icon, and choose Security & Compliance > Host Security Service.

    Figure 4 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.

    Figure 5 Modifying a policy

  5. Click Edit in the Operation column of a policy. Edit the policy information and associated servers. For more information, see Table 3.

    The following uses a Linux server as an example.
    Table 3 Protection policy parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | OS | Server OS to be protected. | Linux |
    | Ransomware Prevention | You are advised to enable ransomware protection. States: enabled, disabled. | |
    | Policy | Select an existing policy or create a new one. Options: Use existing (select an existing policy); Create new. | Create new |
    | Policy | Policy name | - |
    | Action | Indicates how an event is handled. Options: Report alarm and isolate; Report alarm. | Report alarm and isolate |
    | Bait File | After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files. | Enabled |
    | Bait File Directories | Protected directory (excluding subdirectories). Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory if OS is set to Linux. | Linux: /etc/lesuo, Windows: C:\Test |
    | Excluded Directory (Optional) | Directories where honeypot files are not deployed. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories. | Linux: /test, Windows: C:\ProData |
    | Protected File Type | Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is available only when OS is set to Linux and is mandatory. | Select all |
    | Process Whitelist | Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is available only when OS is set to Windows. | - |

  6. Confirm the policy information and click OK.

Deleting a Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click the menu icon, and choose Security & Compliance > Host Security Service.

    Figure 6 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
  5. Click Delete in the Operation column of the target policy.

    After a policy is deleted, the associated servers are no longer protected. Before deleting a policy, you are advised to bind its associated servers to other policies.

  6. Confirm the policy information and click OK.