Anti-Ransomware: A Holistic Ransomware Protection Tool 

Ransomware has evolved into a sneaky and expensive security threat that hangs over businesses. ManageEngine's Anti-Ransomware is an out of the box solution that is geared to detect and resolve ransomware infections at an early stage while causing the least amount of disruption. The software's intelligent behavior detection techniques swiftly detect anomalies in file activity with maximum accuracy and enables in putting up a proactive front against future attacks. It is also equipped with a fail-safe recovery feature that restores your data safely.

Detect

 Automatically detect unusual file alterations on your endpoints that resemble a ransomware attack.

Resolve

Analyze the incident and determine whether it was a real positive or a false positive.

Recover

Instantly obtain a non-erasable backup of all the files that were compromised in the attack.

The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021)
The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2020)
Remote workers will be the main target of cybercriminals throughout 2021. (Security Magazine, 2020)

An endpoint security solution armed to parry the blow of a ransomware attack.

Machine learning-assisted behavior analysis

Anti-Ransomware uses machine learning-based behavior detection algorithms to broaden the scope and enhance the accuracy of detecting ransomware attacks, which is a considerable improvement over outdated signature-based approaches. When a process that resembles a ransomware pattern has browsed a file, encrypted it, and updated it, an alert is raised. Following that, the alerts are sorted and documented as incidents.

Single-step incident response technique

When an anomaly is discovered, it is resolved by examining the process and flagging it as a true positive or false positive incident. The file recovery process is initiated if it is a true positive. If the process is identified as a false positive, similar ones in the future will be automatically flagged as false positives.

One-click recovery of protected file backups for a reliable rollback

Anti-Ransomware leverages Microsoft's VSS service to obtain shadow copies of all the files on an endpoint every three hours. All infected files are reverted to the most recent copy of the file stored, on confirmation, following a ransomware attack. The files are automatically restored if the same ransomware attack occurs again.

Trusted executables can be excluded for a smooth sailing workflow

When it comes to endpoint protection, Anti-Ransomware takes a zero-trust approach. Trusted executables that are known to be safe and benign can be excluded with the Exclusions feature and can be exempted from real-time behavior detection and incident notifications to preserve productivity. To prevent unintentional attack through the Exclusions list, this exclusion list can be further limited down by specifying Signed Certificates and Allowed Folders in which they are to be exempted.

Early Access Program FAQs

FAQs

This FAQs section answers your queries about the Early Access program. To know about the product FAQs, click here!


1. How to enable the Anti-Ransomware Early Access program ?

Our early access program is now being rolled out phase-by-phase to our existing users. Once eligible, the Anti-Ransomware tab will appear. We recommend you to contact support to gain immediate access.

2. Can Endpoint Central free trial users try Anti-Ransomware ?

Yes,Endpoint Central free trial users can access the Anti-Ransomware module .

Note : The Anti-Ransomware module is availabe in the latest build of Endpoint Central (11.1.2236.1 and above) .

3. Do we have to deploy another agent?

No, We don't have to deploy another agent as the existing Endpoint Central agent itself will work for Anti-Ransomware. The features of Anti-Ransomware are available out-of-the-box and can be leveraged immediately after enabling the Early Access program.

4. What are the operating systems supported by Anti-Ransomware?

It is currently available for the below Windows OS versions:

  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11

5. Will this be automatically added to the next year's license cost?

No, there will be no costs incurred pertaining to Anti-Ransomware until the end of the Early Access program. 

6. What happens after the end of the Early Access program?

After the completion of early access program users will get a free extension for a period of six months.To further extend usage after early access program a subscription fee will have to be paid prior to the end of early access program.

7. Can Anti-Ransomware be disabled later?

Yes, Anti-Ransomware can be disabled any time through the Settings option available in the Anti-Ransomware tab.

 

 

Unified Endpoint Management and Security Solution