This article concerns Kaspersky Endpoint Security 10 for Windows:
To reduce the risk of being infected by cryptoviruses (malware that encrypts your files and demand a ransom), we recommend that you enable the following protection components:
Open Kaspersky Endpoint Security 10 for Windows.
In the Settings tab, select Endpoint control → Application Privilege Control and click the Resources button.
Select the Personal data node, click Add and select Category.
Create a category called Protected file types and create several subcategories within it (Documents, Images, etc.).
Select the category corresponding to the protected files type (for example, Documents for files with the *.doc extension), click Add and select File or folder. Specify a mask for the file type by using an asterisk *.<extension>
Add the other file types the same way.
Configure access permissions for the Protected file types category for applications with high and low restrictions by blocking Write, Delete and Create actions. Make sure that the applications you often use with protected file types are in the Trusted group.
Open the Administration Console, go to the Managed devices node and select the Policies tab.
Open the active Kaspersky Endpoint Security policy, select Endpoint control → Application Privilege Control and click the Settings button.
Create several categories (for example, Documents, Images, etcetera).
Select the category corresponding to the protected files type (for example, Documents for files with the *.doc extension), click Add and select File or folder. Specify the mask for the file type by using an asterisk *.<extension>
Make sure that the applications you often use with protected file types are in the Trusted group.
The server is able to register many events. These events will delete old ones as the Kaspersky Security Center database is filled.
After configuring these settings, you will be able to monitor when the files you have specified are launched. If one of these files launches on any computer, Kaspersky Security Center will register an event.
Save the policy.
These are the file types that are most often encrypted by ransomware:
Documents
.doc .docx .pdf
.xls .xlsx
.ppt .pptx .rtf
.odt .odp .ods
.djvu
Images
.jpg .jpeg .bmp
.gif .png .psd
.cdr .dwg .max
.3ds
Archives
.rar .zip .7z
.tar .gz
Multimedia
.avi .mp3 .wav
.mkv .flac .mp4
.mov .wmv
Databases
.mdb .1cd .sqlite
.sql
Other
.kwm .iso .torrent
.php .c .cpp
.pas .cer .key
.pst .lnk
If you have detected a suspicious file which might have infected your computer or encrypted your files, you can send a request to Kaspersky Lab Technical Support. Attach the file to your request and add the comment “possible cryptovirus”. You can find the files that were deleted during disinfection in backup storage.
Watch videos on how to protect against cryptoviruses in Kaspersky Endpoint Security 10:
;
Release of antivirus database updates (required to protect your computer/server/mobile device)
Providing technical support over phone / web
Release of patches for the application (addressing detected bugs)
Please let us know how we can make this website more comfortable for you
Thank you for submitting your feedback. We will review your feedback shortly.
Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.
Your suggestions will help improve this article.
