Ransomware Protection prevents the unauthorized modification
or encryption of files on agents by
ransomwarethreats. Ransomware is a type of malware which restricts access to files and demands payment to restore the affected files.
Apex One provides
the following methods to protect your environment from ransomware threats.
 |
NoteTo reduce the chance of the Security Agent detecting a
safe process as malicious, ensure that the agent has Internet access to perform additional
verification processes using Trend Micro
servers.
|
|
Option
|
Description
|
||||
|
Protect documents against unauthorized encryption or
modification
|
You can configure Behavior Monitoring to detect a specific
sequence of events that may indicate a ransomware attack. After Behavior Monitoring
matches all
of the following criteria, the Security Agent terminates and attempts to quarantine malicious programs:
Additionally enable Automatically back up files changed by
suspicious programs to create copies of files being encrypted on
endpoints. After the encryption process completes and Apex One detects a
ransomware threat, Apex One prompts end users to restore the affected files without
suffering any loss of data.
|
||||
|
Block processes commonly associated with ransomware
|
Ransomware commonly distributes executable files in specific locations on endpoints
before attempting to hijack files. Blocking the processes started from these
locations can help prevent the ransomware from being able to hijack files.
|
||||
|
Enable program inspection to detect and block compromised
executable files
|
Program inspection monitors processes and performs API hooking to
determine if a program is behaving in an unexpected manner. Although this procedure
increases the overall detection ratio of compromised executable files, it may result
in decreased system performance.
|
