Ransomware has become a major threat to network security. Security Center provides protection, generates alerts, and backs up data to prevent ransomware from compromising your core servers. You can create anti-ransomware protection policies for your core servers. This topic describes how to create a protection policy.

Background information

  • The anti-virus feature is a value-added service only supported by the Advanced or Enterprise edition of Security Center. If you are using the Basic edition, you must upgrade Security Center to the Advanced or Enterprise edition and purchase anti-ransomware capacity before you can activate the anti-virus feature.
  • The anti-virus feature only supports data backup for Alibaba Cloud Elastic Compute Service (ECS) instances. It does not support data backup for external servers. You can create protection policies only for your ECS instances.
  • To make sure that the anti-ransomware capacity is effectively utilized, you can only apply one protection policy to each server.
  • The anti-virus feature supports a limited number of operating system versions. Servers that use unsupported operating system versions cannot use the data backup function. For more information about supported operating system versions, see Operating system versions supported by the anti-virus feature.

Create a protection policy

Security Center allows you to use the default protection policy or create custom protection policies to back up your server data. To create a custom protection policy, follow these steps:

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-Virus.
  3. On the Anti-Virus page, click Add anti-ransomware policies.
  4. On the General anti-ransomware solutions page, click Create Policies.
    You can also click the number under Unprotected Server to go to the Create Policies tab.
  5. On the Create Policies tab, set the parameters.
    Note
    The following table describes the parameters.
    Parameter | Description
    Policy Name | The name of the protection policy.
    Select Assets | You can select one or more assets from different asset groups, or directly select asset groups. Follow these steps to select the assets to which the protection policy is applied.
    • In the Asset List, select target asset groups from the Asset Groups list. All assets in the selected groups are automatically selected. You can clear one or more automatically selected assets in the Assets list on the right side.
    • You can also enter an asset name in the search bar in the Assets list to search for specific assets. Fuzzy match is supported.
    Note
    • The anti-virus feature only supports data backup for Alibaba Cloud Elastic Compute Service (ECS) instances. It does not support data backup for external servers. You can create protection policies only for your ECS instances.
    • To make sure that the anti-ransomware capacity is effectively utilized, you can only apply one protection policy to each server.
    Protection Policies | Valid values:
    • Recommendation Policy
      After you select Recommendation Policy, by default, the parameters are set as follows:
      • Protected Directory: All directories
      • Protected File Formats: All formats
      • Start Time: Right now
      • Backup policy execution interval: 1 Day
      • Backup data retention period: 7 Days
      • Maximum data control(MByte/s): Unlimited
    • Custom policy
      After you select Custom policy, you must set these parameters: Protected Directory, Protected File Formats, Start Time, Backup policy execution interval, Backup data retention period, and Maximum data control (MB).
    Protected Directories | The directories to be protected. Valid values:
    • Specified directory: Specify one or more directories to be protected. Enter the address of the specified directory in the Directory address field.
    • All directories: All directories of the specified assets are protected. You must specify Whether to exclude system directories.
      Note: To prevent system conflicts, after you select All directories, we recommend that you select Excluded when you specify Whether to exclude system directories.
    Whether to exclude system directories | You can select Excluded or Not Excluded as needed. After you select Excluded, the excluded directories in Windows and Linux systems are as follows:
    • Windows:
      • Windows\
      • python27\
      • Program Files (x86)\
      • Program Files\
      • ProgramData\
      • Boot\
      • $RECYCLE.BIN\
      • System Volume Information\
      • Users\Administrator\NTUSER.DAT
      • pagefile.sys
    • Linux:
      • /bin/
      • /usr/bin/
      • /sbin/
      • /boot/
      • /proc/
      • /sys/
      • /srv/
      • /lib/
      • /selinux/
      • /usr/sbin/
      • /run/
      • /lib32/
      • /lib64/
      • /lost+found/
    Directory address | Enter the directory address to be protected. If multiple directories need to be protected, click New Directory to add more directory addresses. If you want to delete an existing directory address, click Delete.
    Protected File Formats | The file formats to be protected. Valid values:
    • Specified formats: Specify the file formats to be protected. You must select the file formats in the Select formats field.
    • All formats: All file formats are protected.
    Select formats | Valid values:
    • Text file formats
    • Image file formats
    • Compressed file formats
    • Database file formats
    • Audio and video file formats
    • Script file formats
    Note: You can select multiple formats simultaneously. Security Center only protects the specified file formats.
    Start Time | The start time for the data backup task.
    Backup policy execution interval | The time interval between two data backup tasks. Default value: 1 Day. Valid values:
    • Half a day
    • 1 Day
    • 3 Days
    • 7 Days
    Backup data retention period | The retention period of backup data. Default value: 7 Days. Valid values:
    • 7 Days
    • 30 Days
    • Half a year
    • 1 Year
    • Permanent
    Maximum data control(MB) | The maximum bandwidth that can be consumed by a data backup task. Valid values: 1 Mbit/s to unlimited.
  6. Click OK.
    After you create a custom protection policy, Security Center uses it to back up your server data.
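
The system-directory exclusion list in step 5 decides which paths are skipped when All directories is combined with Excluded, so it is worth checking your critical data directories against it before relying on the backup. The following Python script is an added example, not Security Center code. It assumes that entries match as path prefixes and that Windows entries are relative to the drive root and case-insensitive; the function names and sample paths are constructed for illustration.

```python
import ntpath
import posixpath

# Exclusion lists copied from the table above (used when "Excluded" is selected).
LINUX_EXCLUDED = ["/bin/", "/usr/bin/", "/sbin/", "/boot/", "/proc/", "/sys/",
                  "/srv/", "/lib/", "/selinux/", "/usr/sbin/", "/run/",
                  "/lib32/", "/lib64/", "/lost+found/"]
WINDOWS_EXCLUDED = ["Windows\\", "python27\\", "Program Files (x86)\\",
                    "Program Files\\", "ProgramData\\", "Boot\\", "$RECYCLE.BIN\\",
                    "System Volume Information\\",
                    "Users\\Administrator\\NTUSER.DAT", "pagefile.sys"]


def _covers(entry, path, sep):
    """True if `path` equals `entry` or lies beneath it (whole components only)."""
    entry = entry.rstrip(sep)
    return path == entry or path.startswith(entry + sep)


def excluded_by(path, os_type):
    """Return the exclusion entry that covers `path`, or None if it would be backed up.

    Assumption (not stated on the page): entries match as path prefixes; Windows
    entries are relative to the drive root and compared case-insensitively.
    """
    if os_type == "linux":
        norm = posixpath.normpath(path)  # resolves "." and ".." segments
        return next((e for e in LINUX_EXCLUDED if _covers(e, norm, "/")), None)
    if os_type == "windows":
        _, rest = ntpath.splitdrive(ntpath.normpath(path))
        rel = rest.lstrip("\\").lower()
        return next((e for e in WINDOWS_EXCLUDED if _covers(e.lower(), rel, "\\")), None)
    raise ValueError("os_type must be 'linux' or 'windows'")


def audit(paths, os_type):
    """Map each critical data path to the exclusion entry that skips it (or None)."""
    return {p: excluded_by(p, os_type) for p in paths}


if __name__ == "__main__":
    # Constructed sample paths, not taken from the page.
    samples = {
        "linux": ["/srv/www/uploads", "/var/lib/mysql", "/library/data"],
        "windows": [r"D:\ProgramData\App\db", r"C:\Data\finance"]}
    for os_type, paths in samples.items():
        for p, hit in audit(paths, os_type).items():
            print(f"{os_type:8} {p:26} {'SKIPPED by ' + hit if hit else 'backed up'}")
```

Any path reported as skipped needs a Specified directory entry in a custom policy, or the data must be moved, if it has to be covered by the backup.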

See also

After you create a custom protection policy, you must enable it in the policy list. Security Center then uses it to back up your server data. For more information, see Enable or disable a protection policy.