Anti-Cryptor: host not blocked

[GLFI69]

 

Hello, a few minutes ago i received an email alert for an attempt to encryption file and i checked immediately on the file server.

By KS Server settings, access to the file server should be blocked from this workstation for 59 minutes and so it would seem by looking at the KS server local console on the server.

But after i open the KS server console, i cannot see any host blocked and the workstation can ping and access the file server.

I’m using KS for server 10.1.2.992.

is it a malfunction or did I miss some configuration?

This is the mail alert:

Si è verificato l'evento Encryption attempt detected sul computer FileServerName del dominio XXXXXXX alle venerdì 7 febbraio 2020 12:29:07 (GMT+01:00) Object detected:  HEUR:Generic.Unknown.Cryptor. Object name: FilePath\Gestione\ATTIVITA'-INFO-SCADENZE\Modulistica Inf-Oss-Fkt\MODULISTICA CUCINA\Mod127.12 Raccolta preferenze ospiti.xls. User: S-1-5-21-954386897-3593868654-4004073292-1270

These are configuration e console images:

 

[GLFI69]

I have done some tests and the Anti-Cryptor seems to work.

I don't know what happened in that case.

[stefano_dottori]

I also have this problem too.

 

I open several ticket with the Kaspersky Support and the problem is far from being completely solved.

After i sent a few tickets about this problem, they asked to enable traces in the server to analyze what is going on, but they(the traces), didn’t have any info about what is happening.

They also suggested to:

• disable the heuristic analyzer
• Install a cumulative critical update 

But this suggestions above were worthless due to the fact that, the problem is still happening.

 

I’m almost begging here you guys,  what should i do to fix this problem once and for all?

[GLFI69]

Fortunately, it has only happened once for me.