
Checking Protection Policies

HSS monitors critical files stored on your servers and prevents unauthorized applications from encrypting or modifying the files, protecting your servers from ransomware.

You can create ransomware prevention policies and configure the protection status, monitored file path, and associated servers for the policy. A machine learning engine is used to identify whether an application has possibly tampered with any of the files on your servers. After the learning completes, the policy automatically takes effect on associated servers.

The policy analyzes operations on servers, identifies trusted applications, and reports alarms on untrusted applications.

Prerequisites

  • The servers you want to protect run the Windows OS.
  • The server is in the Running state, and its agent is in the Online state.

Checking the Policy List

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click the service list icon, and choose Security > Host Security Service.
  3. On the Ransomware page, click the Policies tab. The ransomware prevention policy list is displayed, as shown in Figure 1.

    Figure 1 Policy list


    Table 1 Policy parameters

    | Parameter | Description |
    |---|---|
    | Policy Name | Policy name |
    | Servers Protected | Number of servers where the policy takes effect |
    | Servers Being Studied | Servers where intelligent learning is in progress. The status of a new policy is Learning. |
    | Trusted Processes | Number of trusted processes automatically identified by HSS |
    | Monitored File | Path of monitored files. Multiple paths are separated by semicolons (;). Operations on the files in these paths are monitored. If no paths are specified, all the files on the servers associated with the policy are monitored. |
    | Extension | Extensions of monitored files |
    | Action | Action taken when suspicious operations on monitored files are detected. For example, report alarms. |

  4. Click a policy name to check its details and process files, as shown in Figure 2.

    • You can check the policy name, intelligent learning period, protection status, monitored file path, file name extension, and update time.
    • You can check the total number of processes, number of trusted processes, number of untrusted processes, process files, signature issuer, process hash, and trust status.
    • You can mark a process file as Trusted or Untrusted. An alarm will be generated if an untrusted process is started.

      Figure 2 Protection policy details


  5. Click Associated Servers to check the servers associated with the policy, as shown in Figure 3.

    Figure 3 Checking associated servers


    Table 2 Associated servers

    Parameter: Description

    • Server Name: Server name

    • IP Address: Server IP address

    • System: Server OS. Only Windows OSs can be protected.

    • Status: Policy status. Its value can be:

      • Learning

        Intelligent learning is in progress.

        After a policy is created, the intelligent learning function automatically analyzes operations on associated servers. The status of a new policy is Learning.

      • Learning complete. Policy in effect

        Intelligent learning is complete. The policy has taken effect on associated servers.

    • Operation: Operations that can be performed on the policy, including:

      • Learn Again

        • If any software you use has been significantly modified, learning must be performed again on associated servers.

          Click Learn Again.

        • If the intelligent learning period you set is too short, learning results will be inaccurate. If learning is still in progress after the period expires, the policy status will remain Learning.

          In these cases, set Intelligent Learning Period to a proper duration and click Learn Again.

        • If the server is in the Stopped or Faulty state, the agent is in the Offline state, or the premium edition is disabled during learning, learning will be interrupted. The policy status will still be Learning, but the system will not respond if you click Learn Again.

          In this case, ensure that the server is in the Running state, the agent is in the Online state, and the premium edition is enabled for the server, and then click Learn Again.

      • Delete

        Removes an associated server. Files on the server will no longer be protected by the policy.