To prevent ransomware variants, configure Download Insight to quarantine the files that the Symantec customer base knows are malicious or that haven't yet been proven to be malicious.

See Ransomware removal and protection with Symantec Endpoint Protection.

To prevent ransomware attacks with Download Insight

  1. In the console, open the Virus and Spyware Protection policy - High Security and click Download Protection.

  2. On the Download Insight tab, make sure that Enable Download Insight to detect potential risks in downloaded files based on file reputation is checked.

  3. Check the following default options:

    • Files with 5 or fewer users

    • Files known by users for 2 or fewer days

    The low default values force the client to treat any file that has not been reported to Symantec by more than five users or for less than 2 days to be treated as unproven files. When unproven files meet these criteria, Download Insight detects the files as malicious.

  4. Make sure that Automatically trust any file downloaded from a trusted Internet or intranet site is checked.

  5. On the Actions tab, under Malicious Files, keep the first action as Quarantine risk and the second action as Leave alone.

  6. Under Unproven Files, click Quarantine risk.

  7. Click OK.

Legacy ID: v117437993_v81626096
  • Endpoint Protection

    14.2 RU1, 14.2 MP1, 14.2, 14.0.1 MP2, 14.0.1 MP1, 14.0.1, 14.0.0 MP2, 14 MP1, 14, 12.1 RU6 MP8, 12.1 RU6 MP7, 12.1 RU6 MP6, 12.1 RU6 MP5, 12.1 RU6 MP4, 12.1 RU6 MP3, 12.1 RU6 MP2, 12.1 RU6 MP1, 12.1 RU6, 12.1 RU5, 12.1 RU4, 12.1 RU3, 12.1 RU2

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Symantec Corporation