Options
From the Endpoint Security Main Page, click Forensics and Anti-Ransomware to see details.
The status is shown to the right of the feature name:
-
On - Function is correct.
-
Off - Disabled by the policy.
More information available:
-
Policy Details - The enforced policy.
-
Analyzed cases - A list of the incidents that the feature has examined that includes the ID, Source, Type, Description, and Date.
From the Analyzed cases list:
-
Click the Incident ID to open a Forensics Analysis Report.
-
Right-click an incident to delete it.
-
Click Restore Files to restore files after a Ransomware attack. This might not be necessary if your administrator restored the files automatically.
Ransomware Detection
Harmony Endpoint creates honeypot files on client computers. It stops the attack immediately after it detects that the ransomware modified the files.
On macOS, the files are in folders that Harmony Endpoint creates in /Users/Shared/.
You can identify these folders by the lock icon that corresponds with the name of the folder. For example:
If a file is deleted, it is automatically recreated after the next system boot.
To learn more, see Anti-Ransomware Files.