How to Configure Snapshot Mode Critical Path and SMB Share Snapshots
Introduction
Ransomware Defender offers a feature that can be used to disable SMB user share snapshots. This is especially useful in scenarios where ACL security is used and all (or most) shares grant full control permissions to all users. In this configuration, many snapshots can be created for a single-user detection. Additionally, this feature allows you to manage snapshot quotas, ensuring a limit on the number of snapshots created.
This guide covers the requirements and configuration needed for this feature to work correctly.
Pre-Requisites
- Release 2.5.8 or later.
- Access to the Eyeglass Web UI.
Configuration
- Open the Ransomware Defender Module by clicking on its icon on the Eyeglass Web UI desktop.
- Navigate to Settings, and then Snapshots.
- Uncheck "Snapshot User SMB Shares" to disable snapshots applied to user SMB shares detected by AD group permissions.
- Check "Enable Critical Path Snapshots" and then click the + sign to add the path to the list of paths that will have a snapshot applied on each detection event. (The snapshot will be created even if the user can't access the path.)
- Be sure to select the Network Elements (NEs) that the snapshots will be taken on. To do this, make sure "Select NE" is checked, and verify that the appropriate NEs are checked (and/or unchecked) for your setup.
- Add paths as needed.
- Change the Snapshot Budget value according to your needs. Once this limit is reached, no more snapshots will be created until existing ones expire (48 hours by default).
- Click Submit after making all changes.
Snapshot budget applies on a per-NE basis, and only includes snapshots taken by the appliance (with the prefix igls).
As long as the budget isn't exceeded on any individual NE, the combined total of snapshots across the NEs can be larger than the budget.
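The per-NE budget rule above, modeled as an added example (not Eyeglass code) that can be run over an exported snapshot inventory to see which NEs have used up their budget. The tuple layout, NE names, snapshot names and the exact expiry boundary are assumptions made for illustration; only the igls prefix and the 48-hour default come from this guide.

```python
from collections import Counter
from datetime import datetime, timedelta

PREFIX = "igls"                # appliance snapshot prefix named in this guide
EXPIRY = timedelta(hours=48)   # default expiry stated in this guide


def active_counts(snapshots, now, expiry=EXPIRY):
    """Count unexpired appliance snapshots per NE.

    snapshots: iterable of (ne, name, created) tuples (assumed layout).
    Snapshots without the igls prefix are not counted against the budget.
    """
    counts = Counter()
    for ne, name, created in snapshots:
        if name.startswith(PREFIX) and now - created < expiry:
            counts[ne] += 1
    return counts


def budget_report(snapshots, budget, now, expiry=EXPIRY):
    """Return {ne: (counted, remaining, blocked)} for a per-NE budget."""
    report = {}
    for ne, count in active_counts(snapshots, now, expiry).items():
        remaining = max(budget - count, 0)
        report[ne] = (count, remaining, remaining == 0)
    return report


# Constructed sample inventory: every name and timestamp here is made up.
NOW = datetime(2024, 1, 10, 12, 0)
SAMPLE = [
    ("ne-a", "igls-crit-1", NOW - timedelta(hours=1)),
    ("ne-a", "igls-crit-2", NOW - timedelta(hours=5)),
    ("ne-a", "igls-crit-0", NOW - timedelta(hours=50)),    # expired, frees budget
    ("ne-a", "nightly-backup", NOW - timedelta(hours=2)),  # not taken by appliance
    ("ne-b", "igls-crit-3", NOW - timedelta(hours=3)),
    ("ne-b", "igls-crit-4", NOW - timedelta(hours=4)),
    ("ne-b", "igls-crit-5", NOW - timedelta(hours=47)),
]

if __name__ == "__main__":
    # Budget of 3: ne-b is blocked while ne-a still has room, and the
    # combined total (5) is larger than the budget.
    for ne, row in sorted(budget_report(SAMPLE, 3, NOW).items()):
        print(f"{ne}: counted={row[0]} remaining={row[1]} blocked={row[2]}")
```

An NE that reports `blocked=True` will not receive new critical path snapshots on further detections until older ones expire, so size the budget against the number of paths configured and the detection volume you expect within the expiry window.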
Notes and Known Limitations
- The settings configured in this guide are global for all clusters/platforms.
See Also
You may now visit How to Configure Ransomware Defender Threat Detection Settings and Responses and explore the other guides there.