Creating GuardPoints for Ransomware Protection
Steps to create GuardPoints on individual clients and client groups are similar. GuardPoints can be created on the GuardPoints tab of individual clients and client groups.
To create an RWP GuardPoint:
1. Open the Transparent Encryption application.
2. Select the client or client group on which you want to create a GuardPoint:
   - Click an RWP-enabled client under the Client Name column (Clients > Clients). These are the clients whose Protection Mode is RWP or CTE RWP.
   - Click a client group under the Client Group Name column (Clients > Client Groups).
3. On the GuardPoints tab, click Create GuardPoint.
   When creating an RWP GuardPoint (which protects volumes, without encryption), you do not need to specify a CTE policy, so for clients with the RWP protection mode the Policy field is unavailable.
   On clients with the CTE RWP protection mode (GuardPoints with encryption), you can create RWP GuardPoints as well as other types of GuardPoints with policies, so the Policy field is available for such clients. Although the field is available, do not select any policy when creating an RWP GuardPoint.
   Refer to Protection Modes for information on CTE protection modes.
4. (For clients with the CTE RWP protection mode) Select Ransomware Protection as the Type of device to protect. This is a mandatory field.
   For clients with the RWP protection mode, Ransomware Protection is the default Type and cannot be modified.
5. Specify the Path (volume or network share) to be protected. This is a mandatory field. The options for specifying GuardPoint paths are:
   - Enter/Browse Path: Select this option, and enter the volume path (for example, C:\, D:\, or a shared volume) either by typing it or by clicking the Browse button.
     Note
     - Ransomware Protection GuardPoints are applied at the volume level. Even if you specify the path of a folder or a file, the GuardPoint is applied at the volume level.
     - If you specify a network share, all network shares mounted subsequently are protected as well.
     - A CTE client administrator can configure protection of all existing volumes and mount points, and of those added to the client subsequently. Refer to the CTE Agent for Windows Advanced Configuration Guide for details.
     A maximum of 200 GuardPaths can be specified using the Enter/Browse Path option.
     Browse Method
     - Click Browse to select the volume by browsing the client file system. This method prevents typographical errors and verifies client availability. It is the recommended method for specifying individual paths.
       The file system of a client that is not registered with the CipherTrust Manager cannot be browsed.
     - In the Enter Path field, specify the volume path. Alternatively, in the Select Path field, select the path from the on-screen file system browser, and click Select Path.
     - Click Add.
     Manual Method
     Alternatively, if you know the volume, enter it manually in the text box. Enter one volume per line.
   - Upload CSV: Select this option and click Browse to upload a CSV file containing the list of one or more paths. This is the recommended method for specifying a large number of paths in one step.
   If a manually entered path does not yet exist, check that you entered it correctly. The CipherTrust Manager does not parse manually entered paths for correct syntax.
6. Click Create. A message appears prompting you to confirm whether to reuse these GuardPoint settings on another path.
   - Click Yes to use the same settings on another path. The Use Settings on Another Path dialog box is displayed. Perform the following steps:
     - In the Enter Path field, specify the path. Alternatively, in the Select Path field, select the path from the on-screen file system browser, and click Select Path.
     - Click Add Path. The newly added path appears under the Paths list on the left. Add as many paths as required in the same way.
     - Click OK.
   - Click No if you do not want to use the same settings on another path.
7. To check the GuardPoint status, run the following command on the client:
   secfsd -status guard
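Because the CipherTrust Manager does not check manually entered paths, and RWP guards the whole volume whatever path you give, it is worth normalising a path list before pasting it into the text box or building the CSV for the Upload CSV option. The following Python helper is an added example, not code from the CTE product or this guide; it assumes one path per line and only the local-volume (C:\) and UNC (\\server\share) shapes shown, reduces the list to unique volume roots, reports entries it rewrote or rejected, and flags the 200-GuardPath limit stated above.

```python
import re

# Limit stated on this page for the Enter/Browse Path option.
MAX_GUARDPATHS = 200

# Assumed shapes: local volume C:\ (optionally with a folder) and UNC share \\server\share.
_DRIVE_RE = re.compile(r"^([A-Za-z]):[\\/]")
_UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]([^\\/]+)")


def volume_root(entry):
    """Return the volume-level path RWP actually guards, or None if unrecognised."""
    m = _DRIVE_RE.match(entry)
    if m:
        return f"{m.group(1).upper()}:\\"
    m = _UNC_RE.match(entry)
    if m:
        return f"\\\\{m.group(1)}\\{m.group(2)}"
    return None


def check_guardpaths(lines):
    """Reduce one-path-per-line input to unique volume roots; return (roots, findings)."""
    roots, findings, seen = [], [], set()
    for n, raw in enumerate(lines, 1):
        entry = raw.strip()
        if not entry:
            continue  # blank line
        root = volume_root(entry)
        if root is None:
            findings.append(f"line {n}: unrecognised path syntax, not added: {entry!r}")
            continue
        if entry.rstrip("\\/").lower() != root.rstrip("\\/").lower():
            findings.append(f"line {n}: {entry!r} is below a volume; protection applies to {root!r}")
        if root.lower() in seen:
            findings.append(f"line {n}: {entry!r} duplicates {root!r}, dropped")
            continue
        seen.add(root.lower())
        roots.append(root)
    if len(roots) > MAX_GUARDPATHS:
        findings.append(f"{len(roots)} volumes exceed the {MAX_GUARDPATHS}-GuardPath limit")
    return roots, findings


if __name__ == "__main__":
    # Constructed sample, as an administrator might paste it into the text box.
    sample = ["C:\\", "D:\\data\\finance", "c:\\", "\\\\fs01\\share\\sub", "not a path", ""]
    volumes, notes = check_guardpaths(sample)
    print("\n".join(volumes + notes))
```

Review the findings before uploading: an entry reported as "below a volume" is not wrong, but the protection it yields is the whole volume, which is what you should expect to see in the GuardPoints list afterwards.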
Setting Sensitivity
To get the best results for sensitivity:
- Initially, set the operation mode to Monitor when you create your Ransomware Protection profile. Monitor mode sets the sensitivity to a lower score.
- Monitor mode generates a list with many false positives. Add the false-positive entries to your process set to exempt them from monitoring.
- When false positives are no longer reported, set the operation mode to Block to block the relevant suspicious behaviors.