Anti-Ransomware
Anti-Ransomware is a behavioral detection engine that attempts to detect malicious encryption of your files and documents. If ransomware is detected, the entire attack can be automatically remediated, and encrypted files restored from a secure backup.
Anti-Ransomware Files
Anti-Ransomware creates honeypot files on client computers. It stops the attack immediately after it detects that the ransomware modified the files.
The files are in these folders that Anti-Ransomware creates:
/Users/Shared
/Users/<User>
/Users/<User>/Documents
You can identify these folders by the lock icon that is associated with the name of the folder. For example:
The file names include these strings, or similar:
CP
CheckPoint
Check PointCheck-Point
Harmony EndpointHarmony Zero-DayEndpoint
You can open and look at the files. They are real documents, images, videos, and music.
If a file is deleted, it is automatically recreated after the next system boot.
Anti-Ransomware Restoration
In the Forensics, you can see details of which were files restored and deleted during the restoration.
-
See which files were restored in the Business Impact section.
-
See which files were deleted in the Remediation section.
To run Anti-Ransomware restoration from a macOS client computer:
-
Right-click the Endpoint Security icon in the taskbar notification area and select Show Client.
The Endpoint Security Home Page opens.
-
Click Menu and select Overview.
-
Click Forensics and Anti-Ransomware.
-
Click Restore. The files are automatically restored.