antiRansomware Object
The antiRansomware object contains the basic details on the Anti-Ransomware settings in a sensor policy, including:
Field |
Type |
Description |
---|---|---|
mode |
Enum |
The mode to use for Anti-Ransomware protection. Possible values include:
|
canaryFiles |
JSON object |
An object containing details on the canary file options for this policy. The canaryFiles object contains separate objects for rootDrives, (root drive folders on the machine), desktop (Desktop folder), usersFolders (User folders on the machine), and usersDocuments (Document folders on the machine). |
enabled |
Boolean |
In the rootDrives, desktop, usersFolders, or usersDocuments objects, indicates whether canary files are enabled for this folder on a machine. |
status |
Enum |
In the rootDrives, desktop, usersFolders, or usersDocuments objects, the visibility level for canary files in the selected folder. Possible values include:
|
folderSuffix |
String |
The custom suffix to attach to a folder containing canary files. |
fileSuffix |
String |
The custom suffix to use for canary files. |
shadowCopyEnabled |
Boolean |
Indicates whether to enable the Cybereason platform to detect ransomware based on the deletion of shadow copies on a machine. |
mbrEnabled |
Boolean |
Indicates whether to enable the Cybereason platform to detect ransomware based on the editing of a Master Boot Record on a machine. |
exclusions |
Array |
A list of file hash values or commands to exclude from Anti-Ransomware protection. If you do not want to exclude hashes or commands, leave this array empty. |
file |
String |
The file and command to exclude. For details and an example from Anti-Ransomware, see Exclude commands from Anti-Ransomware. |
modifiedBy |
String |
The Cybereason user name for the user creating the policy. |
lastModified |
Long |
The time (in milliseconds) when you create the policy. |