GFI Software

Ransomware protection (Block out of the ordinary uploads)
Ransomware protection [message #153737] Mon, 06 February 2023 18:51
tverweij
In most cases, before a system is encrypted, the data of the machine is uploaded to be held hostage.
When we can detect these uploads with Kerio, we can block these uploads.

To do this, Kerio should monitor the normal traffic that is initiated from a host to all specific IP addresses.
It can then calculate the medians uploaded per hour per IP address (only initiated from the machine itself).
A whitelist should be available to exclude specific addresses from this detection.

If a host connects itself to a new IP address it did not previously connect to (and that IP is not whitelisted), and the median upload per hour is exceeded - a warning should be issued and / or the upload stream should be blocked (as specified in the rules), to prevent the data from being stolen.
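
The heuristic requested above, sketched as an added example (not part of the original post and not Kerio Control functionality). It assumes the baseline is the median of a host's hourly upload bytes per destination, and all flow records, addresses and function names are constructed for illustration:

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample records: (hour, source host, destination IP, bytes uploaded).
# Assumed to contain only connections initiated by the host itself.
BASELINE = [
    (0, "10.0.0.5", "203.0.113.10", 40_000),
    (1, "10.0.0.5", "203.0.113.10", 55_000),
    (2, "10.0.0.5", "203.0.113.10", 35_000),
    (0, "10.0.0.5", "198.51.100.7", 120_000),
    (1, "10.0.0.5", "198.51.100.7", 90_000),
]
NEW_HOUR = [
    (3, "10.0.0.5", "203.0.113.10", 900_000),   # known destination: outside this rule
    (3, "10.0.0.5", "192.0.2.44", 30_000),      # new destination, below the median
    (3, "10.0.0.5", "192.0.2.99", 2_000_000),   # new destination, above the median
    (3, "10.0.0.5", "192.0.2.200", 5_000_000),  # new destination, but whitelisted
]
WHITELIST = [ip_network("192.0.2.200/32")]


def hourly_totals(flows):
    """Sum uploaded bytes per (host, destination, hour)."""
    totals = defaultdict(int)
    for hour, host, dst, nbytes in flows:
        totals[(host, dst, hour)] += nbytes
    return totals


def build_baseline(flows):
    """Return {host: (known destinations, median bytes per hour per destination)}."""
    per_host = defaultdict(lambda: (set(), []))
    for (host, dst, _hour), nbytes in hourly_totals(flows).items():
        per_host[host][0].add(dst)
        per_host[host][1].append(nbytes)
    return {h: (dsts, median(vals)) for h, (dsts, vals) in per_host.items()}


def detect(baseline, flows, whitelist):
    """Flag uploads to new, non-whitelisted destinations that exceed the host's median."""
    alerts = []
    for (host, dst, hour), nbytes in sorted(hourly_totals(flows).items()):
        known, limit = baseline.get(host, (set(), 0))  # host without history: limit 0
        if dst in known or any(ip_address(dst) in net for net in whitelist):
            continue
        if nbytes > limit:
            alerts.append((host, dst, hour, nbytes, limit))
    return alerts
```

With the sample data only the 2,000,000-byte upload to the new address 192.0.2.99 is flagged; a firewall rule would then decide whether that alert means a warning, a block, or both.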
 