Configuring ransomware settings for Worry-Free Business Security Services

Views:

You can configure ransomware settings for your Worry-Free Business Security Services customers and deploy the settings to multiple customers or device groups.

Important

When deploying ransomware settings, be aware of the following:

For the Device (Default) group, Security Agents automatically enable Behavior Monitoring.
For the Server (Default) group, Security Agents automatically enable Behavior Monitoring and the Unauthorized Change Prevention Service.
For manual groups:
- Security Agents installed on desktop platforms automatically enable Behavior Monitoring.
- Security Agents installed on server platforms automatically enable Behavior Monitoring, but you must manually enable the Unauthorized Change Prevention Service using the Worry-Free Business Security Services console.

For more information, see the Worry-Free Business Security Services Online Help.

Procedure

Go to Customers.
Select one or more customers from the Company list.
Click Policy Settings and select Ransomware Settings.

The Ransomware Settings screen appears.

Select the customers or specific device groups that you want to configure.

Note

To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers.

Click Configure Policy >.

When enabling ransomware protection, select which ransomware protection features you want to apply.

Enable document protection against unauthorized encryption or modification: Stops potential ransomware threats from encrypting or modifying the contents of documents

Automatically back up and restore files modified by suspicious programs: Creates backup copies of files being encrypted on endpoints to prevent any loss of data if the managed product detects a ransomware threat

Note

Automatic file backup requires at least 100 MB of disk space on the agent endpoint and only backs up files that are less than 10 MB in size.

Enable blocking of processes commonly associated with ransomware: Blocks processes associated with known ransomware threats before any encryption or modification of documents can occur
Enable program inspection to detect and block compromised executable files: Program inspection monitors processes and performs API hooking to determine if a program is behaving in an unexpected manner. Although this procedure increases the overall detection ratio of compromised executable files, it may result in decreased system performance.

Click Deploy Policy Settings.

Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs.

For more information, see Viewing administration logs.