An important approach to protecting a server from ransomware is to automatically stop the compromised user account from harming any more files. This can be done with the Add to Blocked User List action. You can find more information here:
https://www.poweradmin.com/help/latestfshelp.aspx?page=action-add-to-blocked-users-list.aspx
If you add this action to the above monitors, then as soon as the monitor fires actions, the user account that triggered the action will get added to the Blocked User List, and all attempts they make to create, read, write or delete files on the server will be blocked. The account will also get blocked on other drives that are monitored by PA File Sight within the same installation, including those monitored by Satellites.
However, if an important user account is blocked, such as a service account used by a database, it can cause problems for other software and other users. So it is important to do everything possible to reduce false positives.
One way you can reduce false positives is to test. There should be two Add to Blocked User List actions. One of them has the word "TESTING" added to the name. This action is completely safe - it will act just like the normal action, but it won't actually block the triggered user account. With this in place, you can test your monitors for a few days to make sure nothing triggers them that shouldn't. If you do get a false positive, you can probably fix it by changing an Ignore setting above.
So, go to all of the monitors you created above, and click the Actions button on each. Add the "Add to Blocked Users List - TESTING" action to the monitor.
Once a PA File Sight monitor has an Add to Blocked User List action attached to it (even the TEST version), it will show a warning to remind you that this monitor can block user access.