[ES] Ransomware protection strategy not effective.
Problem Description
Deployed ES endpoint, set ransomware protection policy in [Terminal Management] – [Policy Center] – [Real-time Protection], checked corresponding terminal and found that the policy did not take effect, policy inconsistency.
Central Server Settings:
644445e4df21a56418.png (10.83 KB)
Client-side settings:
389955e4df2283ed18.png (42.02 KB)
Process –
- Log in to the ES console, go to "Terminal Management" – "Policy Center" – "Real-time Protection" – "Ransomware Protection", and notice that the "lock" next to Ransomware Protection is not lit up.
56485e4de64564b17.png (9.08 KB)
- Click on the "small lock" next to the Ransomware protection, submit the policy, then go to the client to view the policy configuration, test it to ensure it takes effect normally, and the client cannot modify it.
Central end:
428925e4de68becd31.png (10.34 KB)
Client:
351925e4df97b732be.png (67.57 KB)
Root Cause
The strategy settings on the central end are not set as the standard, so the client can still modify them.
Solution
Click on the "small lock" next to the policy on [Terminal Management] – [Policy Center] – [Real-time Protection] – [Ransomware Protection].
Suggestions and Summary
The policy on the ES center end, if the "small lock" next to the policy is lit, it means that the policy is based on the center platform and cannot be modified by the client. If it is not lit, it means that the policy is based on the client and can be modified by the client.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2497&isOpen=true