Customizing Entropy-Based Ransomware Detections

Customers can now control the detection threshold for behavior-based (zero-day) Probable Ransomware detections. By controlling the detection threshold, customers can control the detection sensitivity. The detection threshold defines the percentage of suspicious files required to create a detection. For example, Secure & Govern analyzes a folder which contains 10 files. If the detection threshold is set to 50 percent, a Probable Ransomware detection would only occur if 5 or more files were found to be suspicious.

The behavior-based detection threshold is set to 50 percent by default, but Admins can adjust it within a range of 10 to 100 percent. Lowering the detection threshold, for example from 50 to 30 percent, will increase detection sensitivity and increase the number of behavior-based Probable Ransomware detections. Raising the detection threshold, for example from 50 to 80 percent, will decrease detection sensitivity and decrease the number of behavior-based Probable Ransomware detections.

The detection threshold only impacts entropy-based (zero-day) Ransomware detections.
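
The sketch below is an added example, not Secure & Govern's own code, showing how a folder-level threshold interacts with per-file entropy results. The 7.5 bits-per-byte cutoff, the function names and the sample folder are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

# Assumption: a file is "suspicious" when its byte entropy is near the
# 8 bits/byte maximum. The product's actual per-file test is not documented here.
ENTROPY_CUTOFF = 7.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def suspicious_files(folder: dict) -> list:
    """Names of files whose entropy meets the (assumed) per-file cutoff."""
    return sorted(n for n, d in folder.items() if shannon_entropy(d) >= ENTROPY_CUTOFF)

def folder_detected(folder: dict, threshold_pct: int = 50) -> bool:
    """True when the share of suspicious files reaches the detection threshold."""
    if threshold_pct not in range(10, 101, 10):
        raise ValueError("threshold must be 10 to 100 in increments of 10")
    if not folder:
        return False
    # Integer comparison avoids float rounding at the boundary (5 of 10 at 50%).
    return len(suspicious_files(folder)) * 100 >= threshold_pct * len(folder)

def build_sample_folder(high_entropy_count: int, total: int = 10) -> dict:
    """Constructed sample data: random bytes stand in for encrypted files."""
    rng = random.Random(0)  # fixed seed so the sample is reproducible
    plain = b"Quarterly report: revenue, costs and forecast.\n" * 100
    folder = {}
    for i in range(total):
        if i < high_entropy_count:
            folder[f"file_{i:02d}.bin"] = bytes(rng.getrandbits(8) for _ in range(4096))
        else:
            folder[f"file_{i:02d}.txt"] = plain
    return folder

if __name__ == "__main__":
    for count in (3, 5, 8):
        folder = build_sample_folder(count)
        results = {t: folder_detected(folder, t) for t in (30, 50, 80)}
        print(f"{count}/10 suspicious -> {results}")
```
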

Customizing Detection Threshold

  • Log in to Secure and Govern.
  • Go to Settings.
  • Select Analysis Rules.
  • Select Probable Ransomware.

The detection threshold can be set no lower than 10 percent and no higher than 100 percent, in increments of 10.

[Screenshot: Probable Ransomware]

  • Go to Detection Threshold and select a value from 10 to 100 from the dropdown.

[Screenshot: Detection Threshold]

  • The detection threshold is automatically updated.

The detection threshold only impacts future Probable Ransomware detections. Existing “open” detections will not be changed.

For technical assistance, please contact us.