GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » Product Feedback » Kerio Control Feedback » Ransomware protection (Block out of the ordinary uploads)
Ransomware protection [message #153737] Mon, 06 February 2023 18:51 Go to next message
tverweij is currently offline  tverweij
Messages: 86
Registered: March 2010
Location: Curacao
In most cases, before a system is encrypted, the data of the machine is uploaded to be held hostage.
When we can detect these uploads with Kerio, we can block these uploads.

To do this, Kerio should monitor the normal traffic that is initiated from a host to all specific IP addresses.
It can then calculate the medians uploaded per hour per IP address (only initiated from the machione itself).
A whitelist should be available to exclude specific addresses from this detection.

If a host connects itself to a new IP address it did not previously connect to (and that IP is not whitelisted), and the median upload per hour is exceeded - a warning should be issued and / or the upload stream should be blocked (as specified in the rules), to prevent the data from being stolen.
Re: Ransomware protection [message #153758 is a reply to message #153737] Fri, 10 February 2023 16:33 Go to previous message
chrisc is currently offline  chrisc
Messages: 155
Registered: January 2022
Hi tverweij, thank you for your feedback! I have submitted it to our Product Team under GFIPEF-215 for further review.

Chris Contorinis
Customer Care Specialist
GFI Software
Previous Topic: VHDX
Next Topic: Managed to convert my Kerio Control 9.4 install to UEFI, but new kernel not new enough for Hyper-V
Goto Forum:

Current Time: Thu Sep 28 00:37:24 CEST 2023

Total time taken to generate the page: 0.07281 seconds