Ransomware protection
Ransomware protection enables you to efficiently detect, block and prevent ransomware attacks. TSplus Advanced Security reacts as soon as it detects ransomware on your session. It uses both static and behavioural analysis:
- Static analysis enables the software to react immediately when an extension name changes,
- Behavioural analysis looks at how a program interacts with files and detects new strains of ransomware.
You can enable it by clicking “Enable Ransomware protection” on the Ransomware protection tab:
Learning Period
After enabling the Ransomware protection feature, the Learning Period is automatically activated. During the Learning Period, all programs detected by the Ransomware protection feature will be considered as false positives and will be able to resume their execution. The programs detected as false positives will be automatically added to the list of allowed programs.
This feature allows Ransomware protection to be configured on a production server without disrupting its activity. We recommend starting with a 5-day learning period to identify all legitimate business applications.
If you stop the Learning Period, it will deactivate the Ransomware protection. Click on the “Ransomware protection is disabled” button to reactivate the Learning Period.
Ransomware Protection Action
It quickly scans your disk(s) and displays the file(s) or program(s) responsible, in addition to providing a list of the infected items. TSplus Advanced Security automatically stops the attack and quarantines the program(s) along with the file(s) encrypted before its intervention.
Only the administrator can whitelist them, by entering the path of the desired program on the bottom line and by clicking on “Add”:
Ransomware Protection Report
TSplus Advanced Security prevents catastrophic events for businesses by removing ransomware at an early stage.
The administrator has access to information about the source of the attack and the running processes, and therefore learns how to anticipate these threats.
Note: Ransomware Protection observes how programs interact with system and personal files. To ensure a greater level of protection, Ransomware Protection creates bait files in key folders where ransomware often begins its attack. Therefore, a few hidden files may appear in the users’ desktop and documents folders, as well as in other locations. When it detects malicious behaviour, it stops the ransomware immediately (or asks first, if the logged-in user is an administrator). Ransomware Protection uses pure behavioural detection techniques and does not rely on malware signatures, allowing it to catch ransomware which does not exist yet.
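An added illustration of the bait-file idea described in the note above, combined with the extension-change check from the static analysis bullet. It is not TSplus code and does not show how the product is implemented; the bait names, the `.locked` suffix and all function names are constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed bait names; a real deployment would also mark the files hidden.
BAIT_NAMES = ("~budget_2023.docx", "~contacts.xlsx")

def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_baits(folders):
    """Create bait files in each folder and return {path: sha256} as baseline."""
    baseline = {}
    for folder in folders:
        for name in BAIT_NAMES:
            bait = Path(folder) / name
            bait.write_bytes(("bait:" + name).encode() * 8)
            baseline[str(bait)] = _sha256(bait)
    return baseline

def check_baits(baseline):
    """Return (bait name, finding) for every bait that no longer matches."""
    findings = []
    for path_str, digest in baseline.items():
        bait = Path(path_str)
        if bait.exists():
            if _sha256(bait) != digest:
                findings.append((bait.name, "modified"))
            continue
        # Bait is gone: look for the same stem under a changed extension.
        renamed = sorted(p.name for p in bait.parent.glob(bait.stem + ".*"))
        finding = ("renamed to " + renamed[0]) if renamed else "deleted"
        findings.append((bait.name, finding))
    return findings

def demo():
    """Plant baits in a temp tree, tamper with two of them, report findings."""
    with tempfile.TemporaryDirectory() as root:
        docs, desk = Path(root, "Documents"), Path(root, "Desktop")
        docs.mkdir()
        desk.mkdir()
        baseline = plant_baits([docs, desk])
        # Constructed tampering: one bait overwritten, one given a new extension.
        (docs / BAIT_NAMES[0]).write_bytes(b"\x00" * 64)
        (desk / BAIT_NAMES[1]).rename(desk / (BAIT_NAMES[1] + ".locked"))
        return sorted(check_baits(baseline))

if __name__ == "__main__":
    print(demo())
```

Any finding on a bait is a high-confidence signal, because no legitimate program has a reason to touch these files.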
You can configure your SMTP settings in order for TSplus Advanced Security to send you email alerts to highlight important security events by clicking on the button below the Ransomware activation one:
Enter your SMTP Hostname, Port and check the Use SSL box and change the port from 25 to 465 if you wish to use SSL.
Enter the SMTP username and password, as well as the sender and recipient addresses.
Email settings can be validated by sending a test email when saving the SMTP settings.
Snapshots
Snapshots taken by Ransomware protection are visible under the Snapshots tab:
The list can be refreshed by clicking on the corresponding button. Each item can be restored or removed.
Quarantine
Quarantined programs are visible under the Quarantine tab:
Potentially unwanted programs are kept in quarantine indefinitely until you decide on the action to take.
This way, Advanced Security ensures the safety of your machine while giving you the option to manage quarantined items as you choose.
This can be useful if you need to recover a file or program that was neutralized.
This decision is made at your own risk.
You can also permanently delete any files or programs you choose directly from the quarantine folder located in the Advanced Security installation directory.
Each item can be restored or removed.
Ignored files are not used to detect possible malicious actions and are not saved when they are modified. The idea is to exclude any operation on large or irrelevant files (such as log files).
- sys
- dll
- exe
- tmp
- ~tmp
- temp
- cache
- lnk
- 1
- 2
- 3
- 4
- 5
- LOG1
- LOG2
- customDestinations-ms
- journal
- wab~
- vmc
- vhd
- vhdx
- vdi
- vo1
- vo2
- vsv
- vud
- iso
- dmg
- sparseimage
- cab
- msi
- mui
- dl_
- wim
- ost
- o
- qtch
- ithmb
- vmdk
- vmem
- vmsd
- vmsn
- vmss
- vmx
- vmxf
- menudata
- appicon
- appinfo
- pva
- pvs
- pvi
- pvm
- fdd
- hds
- drk
- mem
- nvram
- hdd
- pk3
- pf
- trn
- automaticDestinations-ms
Caution regarding the backup file extension
The file extension used to save modified files is: snapshot. The driver prohibits any modification or deletion of these files, except by the TSplus Advanced Security service. Stopping the service deletes the backed-up files. To delete these files manually, you must temporarily unload the driver.
Backup file configuration
By default, the directory of saved files is located in the installation directory of TSplus Advanced Security and is called “snapshots”. However, it is possible to define another location for this directory. This can allow the administrator to define a directory located on a faster disk (SSD) or on a larger disk according to his needs. The backup directory path must not be a UNC path, in the form of:
\\
Adding Backup Utilities to the Whitelist
We recommend adding backup utilities to the whitelist.