Customers can now control the detection threshold for behavior-based (zero-day) Probable Ransomware detections, and with it the detection sensitivity. The detection threshold defines the percentage of suspicious files required to create a detection. For example, suppose Secure & Govern analyzes a folder that contains 10 files. If the detection threshold is set to 50 percent, a Probable Ransomware detection occurs only if 5 or more files are found to be suspicious.
The behavior-based detection threshold is set to 50 percent by default, but Admins can adjust it within a range of 10 to 100 percent. Lowering the detection threshold, for example from 50 to 30 percent, increases detection sensitivity and increases the number of behavior-based Probable Ransomware detections. Raising the detection threshold, for example from 50 to 80 percent, decreases detection sensitivity and decreases the number of behavior-based Probable Ransomware detections.
The detection threshold only impacts entropy-based (zero-day) Ransomware detections.
Customizing Detection Threshold
- Log in to Secure and Govern.
- Go to Settings.
- Select Analysis Rules.
- Select Probable Ransomware.
The detection threshold can only be set between a minimum of 10 percent and a maximum of 100 percent, in increments of 10.
- Go to Detection Threshold and select a value from 10 to 100 from the dropdown.
- The detection threshold is automatically updated.
The detection threshold only impacts future Probable Ransomware detections. Existing “open” detections will not be changed.