Este conteúdo foi traduzido por máquina para sua conveniência e a Huawei Cloud não pode garantir que o conteúdo foi traduzido com precisão. Para exibir o conteúdo original, use o link no canto superior direito para mudar para a página em inglês.
Central de ajuda/ Host Security Service/ Guia de usuário/ Prevenção/ Prevenção contra ransomware/ Managing Ransomware Prevention Policies
Atualizado em 2024-01-04 GMT+08:00
Ver PDF
Compartilhar

Managing Ransomware Prevention Policies

You can use predefined policies, create or modify ransomware prevention policies, or change the policy associated with a server.

Constraints

Only premium, WTP, and container editions support ransomware protection.

Creating a Policy

  1. Faça logon no console de gerenciamento.
  2. No canto superior esquerdo da página, selecione uma região, clique em e escolha Security & Compliance > Host Security Service.

    Figura 1 Acessar o HSS

  3. Escolha Prevention > Ransomware Prevention.

    Se os servidores forem gerenciados por projetos empresariais, você poderá selecionar o projeto empresarial de destino para visualizar ou operar as informações sobre ativos e detecção.

  4. Click the Policies tab and click Add Policy.
  5. Configure policy parameters. For more information, see Tabela 1.

    Figura 2 Protection policy parameters
    Tabela 1 Protection policy parameters

    Parameter

    Description

    Example Value

    OS

    Server OS.

    Linux

    Policy

    Policy name.

    test

    Action

    How an event is handled.

    • Report alarm and isolate
    • Report alarm

    Report alarm and isolate

    Dynamic Honeypot Protection

    After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance.

    NOTA:

    Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.

    Enabled

    Honeypot File Directories

    Protected directories (excluding subdirectories). You are advised to configure important service directories or data directories.

    Separate multiple directories with semicolons (;). You can configure up to 20 directories.

    This parameter is mandatory for Linux servers and optional for Windows servers.

    Linux: /etc/lesuo

    Windows: C:\Test

    Excluded Directory (Optional)

    Directories where honeypot files are not deployed.

    Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.

    Linux: /test

    Windows: C:\ProData

    Protected File Type

    Types of files to be protected.

    More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.

    This parameter is mandatory for Linux servers only.

    Select all

    (Optional) Process Whitelist

    Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms.

    This parameter is mandatory only for Windows servers.

    -

  6. Click OK.

Changing a Policy

You can change the protection policy associated with a server.

  1. Click the Protected Servers tab.
  2. Select a server and click Change Policy.
  3. In the Change Policy dialog box, select a protection policy.
  4. Click OK.

Modifying a Policy

  1. Log in to the management console and go to the HSS page.
  2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
  3. Click Edit in the Operation column of a policy. Edit the policy configurations. For more information, see Tabela 2.

    The following uses a Linux server as an example.
    Tabela 2 Protection policy parameters

    Parameter

    Description

    Example Value

    OS

    Server OS.

    Linux

    Policy

    Policy name.

    test

    Action

    How an event is handled.

    • Report alarm and isolate
    • Report alarm

    Report alarm and isolate

    Dynamic Honeypot Protection

    After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance.

    NOTA:

    Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.

    Enabled

    Honeypot File Directories

    Protected directories (excluding subdirectories). You are advised to configure important service directories or data directories.

    Separate multiple directories with semicolons (;). You can configure up to 20 directories.

    This parameter is mandatory for Linux servers and optional for Windows servers.

    Linux: /etc/lesuo

    Windows: C:\Test

    Excluded Directory (Optional)

    Directories where honeypot files are not deployed.

    Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.

    Linux: /test

    Windows: C:\ProData

    Protected File Type

    Types of files to be protected.

    More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.

    This parameter is mandatory for Linux servers only.

    Select all

    (Optional) Process Whitelist

    Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms.

    This parameter is mandatory only for Windows servers.

    -

  4. Confirm the policy information and click OK.

Deleting a Policy

  1. Log in to the management console and go to the HSS page.
  2. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Policies tab.
  3. Click Delete in the Operation column of the target policy.

    After a policy is deleted, the associated servers are no longer protected. Before deleting a policy, you are advised to bind its associated servers to other policies.

  4. Confirm the policy information and click OK.
Tópico principal: Prevenção contra ransomware