Configure and Deploy Anti-Ransomware policy using Endpoint Central
In this article you will learn about:
- Configuring Backup Policies
- Configuring Ransomware Detection Policies
Anti-Ransomware policies are crucial for safeguarding an organization's data against encryption-based cyber threats. These policies help mitigate ransomware attacks by enabling proactive threat detection and ensuring secure data backups, allowing for swift recovery in case of an incident.

- System Backup Creation: This option enables the creation of backup data stored on the drive. If disabled, backups will not be generated, and data cannot be recovered in the event of a ransomware attack.
- Backup Quota: This option allows administrators to allocate a specific percentage [10-20%] of storage space for backups.
- Backup Interval: This defines the time duration [60-300 mins] between consecutive backups.

- Detection Policy:
  - Audit Only: The Audit Only configuration detects potential ransomware incidents and alerts administrators, making it ideal for initial deployment. If an incident is confirmed as a true positive, affected files can be restored with a single click.
  - Kill Process: The Kill Process setting terminates the ransomware and its associated child processes immediately upon detection. If the incident is confirmed as a true positive, the affected files can be restored with a single click.
- Detection Sensitivity:
  - Standard: This setting enables the anti-ransomware engine to provide reliable protection with a balanced approach, ensuring security while minimizing disruptions.
  - Aggressive: This setting enforces stricter rules for enhanced security but may lead to more false positives. It is often recommended for evaluation or testing due to its rigorous detection standards.
- Decoy File Deployment: Decoy files serve as a trap for ransomware attacks. Hidden image, text, and document files are placed in designated folders, and any attempt to access, modify, or delete these files triggers immediate ransomware detection, identifying the process as a potential threat.
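
The decoy idea described above, as an added example that is not Endpoint Central's code: it deploys constructed decoy files and polls their SHA-256 baselines, whereas the product triggers on the access attempt itself. The file names, contents and function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed decoy names and contents (assumption): the leading dot hides them
# on POSIX systems; the product's real decoy files are not listed on this page.
DECOYS = {
    ".~budget_2024.txt": b"quarterly figures (decoy)\n",
    ".~contacts.doc": b"staff contact list (decoy)\n",
    ".~scan_001.jpg": b"\xff\xd8\xff\xe0 decoy image bytes",
}


def deploy_decoys(folder):
    """Write the decoy files into folder and return a baseline {path: sha256}."""
    baseline = {}
    for name, content in DECOYS.items():
        path = Path(folder) / name
        path.write_bytes(content)
        baseline[str(path)] = hashlib.sha256(content).hexdigest()
    return baseline


def check_decoys(baseline):
    """Compare each decoy with its baseline; return a sorted list of (path, event)."""
    events = []
    for path, digest in baseline.items():
        try:
            with open(path, "rb") as fh:
                current = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            # A decoy that vanished was deleted or renamed (e.g. new extension).
            events.append((path, "deleted_or_renamed"))
            continue
        if current != digest:
            events.append((path, "modified"))
    return sorted(events)


def demo():
    """Change two decoys in a temp folder and return the event kinds detected."""
    with tempfile.TemporaryDirectory() as folder:
        baseline = deploy_decoys(folder)
        paths = sorted(baseline)
        Path(paths[0]).write_bytes(b"\x00" * 32)         # in-place overwrite
        Path(paths[1]).rename(paths[1] + ".locked")      # rename to a new extension
        return [event for _, event in check_decoys(baseline)]


if __name__ == "__main__":
    print(demo())
```

Any event on a decoy is high-signal because no legitimate user or application has a reason to touch these files, which is why a single hit can justify the Kill Process response.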