Hello, a few minutes ago i received an email alert for an attempt to encryption file and i checked immediately on the file server.
By KS Server settings, access to the file server should be blocked from this workstation for 59 minutes and so it would seem by looking at the KS server local console on the server.
But after i open the KS server console, i cannot see any host blocked and the workstation can ping and access the file server.
I’m using KS for server 10.1.2.992.
is it a malfunction or did I miss some configuration?
This is the mail alert:
Si è verificato l'evento Encryption attempt detected sul computer FileServerName del dominio XXXXXXX alle venerdì 7 febbraio 2020 12:29:07 (GMT+01:00) Object detected: HEUR:Generic.Unknown.Cryptor. Object name: FilePath\Gestione\ATTIVITA'-INFO-SCADENZE\Modulistica Inf-Oss-Fkt\MODULISTICA CUCINA\Mod127.12 Raccolta preferenze ospiti.xls. User: S-1-5-21-954386897-3593868654-4004073292-1270
These are configuration e console images: