Jump to content
v.pirev

Problems with "Behavior Detection" and "Protection of shared folders against external encryption" in KES 11.0.1.90

Recommended Posts

Hello, today i try to test "Behavior Detection" module in particular : "Protection of shared folders against external encryption"  in KES11. I share one folder on computer with Windows 8.1, and KES 11.0.1.90 and this function is set to ON, KES database is up to date. I put a lot files in this folder and allow full access on this folder over the network. After this i download AxCrypt from https://www.axcrypt.net/ from another computer (OS Windows 7 Pro) which is connected to this network.In KES Firewall this network is set as ”Local network”.I install the software , open the shared folder and encrypt files inside (for example 30 files ). And nothing happened , kaspersky allow me to encrypt all files . My computer was not blocked. I try this 5 times with different type of files and no different i was able to encrypt all files in shared folder. Can you explain me how how to test "Protection of shared folders against external encryption" function work properly?

Share this post


Link to post
2 hours ago, v.pirev said:

Hello, today i try to test "Behavior Detection" module in particular : "Protection of shared folders against external encryption"  in KES11. I share one folder on computer with Windows 8.1, and KES 11.0.1.90 and this function is set to ON, KES database is up to date. I put a lot files in this folder and allow full access on this folder over the network. After this i download AxCrypt from https://www.axcrypt.net/ from another computer (OS Windows 7 Pro) which is connected to this network.In KES Firewall this network is set as ”Local network”.I install the software , open the shared folder and encrypt files inside (for example 30 files ). And nothing happened , kaspersky allow me to encrypt all files . My computer was not blocked. I try this 5 times with different type of files and no different i was able to encrypt all files in shared folder. Can you explain me how how to test "Protection of shared folders against external encryption" function work properly?

 

Hello.

What settings were set in KES11 regarding external encryption? What action on detection is selected? If you choose "Inform", is anything logged in KES?

Normally, it monitors all common suspicious actions, such as deleting a file, changing its contents or its size, or moving it, when performed from a remote computer. Therefore, no special software is required to verify that this feature is working.

Note that only NTFS, unencrypted by EFS, can be monitored.

Thank you.

Share this post


Link to post
1 hour ago, Kirill Tsapovsky said:

Hello.

What settings were set in KES11 regarding external encryption? What action on detection is selected? If you choose "Inform", is anything logged in KES? 

Normally, it monitors all common suspicious actions, such as deleting a file, changing its contents or its size, or moving it, when performed from a remote computer. Therefore, no special software is required to verify that this feature is working.

Note that only NTFS, unencrypted by EFS, can be monitored.

Thank you.

The settings are OK. You can see the pictures. Kaspersky has no log .

Everyone can did the same test as I did and write the result.

2.jpg

1.jpg

Share this post


Link to post

Hi,

Could you please collect KES  traces while this behavior reoccurs?

Please use any file sharing resource to upload traces and provide us with a link.

Thank you!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.