Create a protection policy

Ransomware has become a major threat to network security. Security Center provides protection, generates alerts, and backs up data to prevent ransomware from intruding your core servers. You can create anti-ransomware protection policies for your core servers. This topic describes how to create a protection policy.

Background information

The anti-virus feature is a value-added service only supported by the Advanced or Enterprise edition of Security Center. If you are using the Basic edition, you must upgrade Security Center to the Advanced or Enterprise edition and purchase anti-ransomware capacity before you can activate the anti-virus feature.
The anti-virus feature only supports data backup for Alibaba Cloud Elastic Compute Service (ECS) instances. It does not support data backup for external servers. You can create protection policies only for your ECS instances.
To make sure that the anti-ransomware capacity is effectively utilized, you can only apply one protection policy to each server.
The anti-virus feature supports a limited number of operating system versions. Servers that use unsupported operating system versions cannot use the data backup function. For more information about supported operating system versions, see Operating system versions supported by the anti-virus feature.

Security Center allows you to use the default protection policy or create custom protection policies to back up your server data. To create a custom protection policy, follow these steps:

Log on to the Security Center console.
In the left-side navigation pane, choose Defense > Anti-Virus.
On the Anti-Virus page, click Add anti-ransomware policies.
On the General anti-ransomware solutions page, click Create Policies.
You can also click the number under Unprotected Server to go to the Create Policies tab.

On the Create Policies tab, set the parameters.

Note

The following table describes the parameters.


Parameter	Description
Policy Name	The name of the protection policy.
Select Assets	You can select one or more assets from different asset groups, or directly select asset groups. Follow these steps to select the assets to which the protection policy is applied. In the Asset List, select target asset groups from the Asset Groups list. All assets in the selected groups are automatically selected. You can clear one or more automatically selected assets in the Assets list on the right side. You can also enter an asset name in the search bar in the Assets list to search for specific assets. Fuzzy match is supported. Note The anti-virus feature only supports data backup for Alibaba Cloud Elastic Compute Service (ECS) instances. It does not support data backup for external servers. You can create protection policies only for your ECS instances. To make sure that the anti-ransomware capacity is effectively utilized, you can only apply one protection policy to each server.
Protection Policies	Valid values: Recommendation Policy After you select Recommendation Policy, by default, the parameters are set as follows: Protected Directory: All directories Protected File Formats: All formats Start Time: Right now Backup policy execution interval: 1 Day Backup data retention period: 7 Days Maximum data control(MByte/s): Unlimited Custom policy After you select Custom policy, you must set these parameters: Protected Directory, Protected File Formats, Start Time, Backup policy execution interval, Backup data retention period, and Maximum data control (MB).
Protected Directories	The directories to be protected. Valid values: Specified directory: Specify one or more directories to be protected. Enter the address of the specified directory in the Directory address field. All directories: All directories of the specified assets are protected. You must specify Whether to exclude system directories. Note To prevent system conflicts, after you select All directories, we recommend that you select Excluded when you specify Whether to exclude system directories.
Whether to exclude system directories	You can select Excluded or Not Excluded as needed. After you select Excluded, the excluded directories in Windows and Linux systems are as follows: Windows: Windows\ python27\ Program Files (x86)\ Program Files\ ProgramData\ Boot\ $RECYCLE.BIN\ System Volume Information\ Users\Administrator\NTUSER.DAT pagefile.sys Linux: /bin/ /usr/bin/ /sbin/ /boot/ /proc/ /sys/ /srv/ /lib/ /selinux/ /usr/sbin/ /run/ /lib32/ /lib64/ /lost+found/
Directory address	Enter the directory address to be protected. If multiple directories need to be protected, click New Directory to add more directory addresses. If you want to delete an existing directory address, click Delete.
Protected File Formats	The file formats to be protected. Valid values: Specified formats: Specify the file formats to be protected. You must select the file formats in the Select formats field. All formats: All file formats are protected.
Select formats	Valid values: Text file formats Image file formats Compressed file formats Database file formats Audio and video file formats Script file formats Note You can select multiple formats simultaneously. Security Center only protects the specified file formats.
Start Time	The start time for the data backup task.
Backup policy execution interval	The time interval between two data backup tasks. Default value: 1 Day. Valid values: Half a day 1 Day 3 Days 7 Days
Backup data retention period	The retention period of backup data. Default value: 7 Days. Valid values: 7 Days 30 Days Half a year 1 Year Permanent
Maximum data control(MB)	The maximum bandwidth that can be consumed by a data backup task. Valid values: 1 Mbit/s to unlimited.

Click OK.
After you create a custom protection policy, Security Center applies it to backing up your server data.

Background information

Create a protection policy

See also