Managing Ransomware Prevention Policies

Constraints

Only premium, WTP, and container editions support ransomware protection.

Creating a Policy

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
3. Choose Prevention > Ransomware Prevention.
   

   If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.

4. Click the Policies tab and click Add Policy.
5. Configure policy parameters. For more information, see Table 1.
   Figure 1 Protection policy parameters
   

   Table 1 Protection policy parameters

   Parameter	Description	Example Value
   OS	Server OS.	Linux
   Policy	Policy name.	test
   Action	How an event is handled. Report alarm and isolate Report alarm	Report alarm and isolate
   Dynamic Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and other random positions (unless otherwise specified by users). The honeypot files deployed in random locations are automatically deleted every 12 hours and then randomly deployed again. A bait file occupies a few server resources. Therefore, configure the directories that you do not want to deploy the bait file in the excluded directories. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.	Enabled
   Bait File Directories	Directory that needs to be protected by static bait (excluding subdirectories). You are advised to configure important service directories or data directories. Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers.	Linux: /etc Windows: C:\Test
   Excluded Directory (Optional)	Directory that does not need to be protected by bait files. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.	Linux: /etc/lesuo Windows: C:\Test\ProData
   Protected File Type	Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only.	Select all
   (Optional) Process Whitelist	Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers.	-

6. Click OK.

Changing a Policy

You can change the protection policy associated with a server.

1. Click the Protected Servers tab.
2. Select a server and click Change Policy.
3. In the Change Policy dialog box, select a protection policy.
4. Click OK.

Modifying a Policy

1. Log in to the management console and go to the HSS page.
2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
3. Click Edit in the Operation column of a policy. Edit the policy configurations and associated servers. For more information, see Table 2.
   The following uses a Linux server as an example. On the Protected Servers tab, you can also click the name of the policy associated with the server to edit the policy.

   Table 2 Protection policy parameters

   Parameter	Description	Example Value
   Policy	Policy name.	test
   Action	How an event is handled. Report alarm and isolate Report alarm	Report alarm and isolate
   Dynamic Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and other random positions (unless otherwise specified by users). A bait file occupies a few server resources. Therefore, configure the directories that you do not want to deploy the bait file in the excluded directories. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.	Enabled
   Bait File Directories	Directory that needs to be protected by static bait (excluding subdirectories). You are advised to configure important service directories or data directories. Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers.	Linux: /etc Windows: C:\Test
   Excluded Directory (Optional)	Directory that does not need to be protected by bait files. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.	Linux: /etc/lesuo Windows: C:\Test\ProData
   Protected File Type	Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only.	Select all
   (Optional) Process Whitelist	Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers.	-
   Associate Servers	Information about the server associated with the policy. If you want to disassociate the server (disable ransomware protection), you can delete the policy.	-

4. Confirm the policy information and click OK.

Deleting a Policy

1. Log in to the management console and go to the HSS page.
2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
3. Click Delete in the Operation column of the target policy.
   

   After a policy is deleted, the associated servers are no longer protected. Before deleting a policy, you are advised to bind its associated servers to other policies.

4. Confirm the policy information and click OK.