Activating and De-Activating Ransomware Detection
To activate or de-activate real-time ransomware detection, select 51. Activation from the main Anti-Ransomware screen (STRAR).
The Activation screen appears:
| TPACTV Activation iSecurity/ATP System: RLDEV Anti-Ransomware / Anti-Malware 1. Activate Real-Time Detection 2. De-activate Real-Time Detection 5. Work with Subsystem ZRANSOM jobs 7. Work with Subsystem QSERVER Jobs 8. Work with Active QZLS* Jobs Auto-Activation 11. Activate ZRANSOM Subsystem at IPL 12. Do Not Activate ZRANSOM SBS at IPL Special Situations 21. Activate NETSERVER with RESET(*YES) Use this option if joblog for option 1 or 2 says that the restart failed. Selection or command ===> F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=System main menu |
Activating Real-Time Detection
To activate real-time detection, select 1. Activate Real-Time Detection.
The Anti-Ransomware - Activation screen appears.
| Anti-Ransomware - Activation RLDEV Anti-Ransomware status . . *Not-Active* Protect when active . . . Y Y=Yes, I=Yes in FYI (Simulation), Change by 81. System Configuration. N=No If before activation there was a program in the Exit Point, it will also run: Program . . . . . . . . . *NONE Name, *NONE Library . . . . . . . . Name If the program in the Exit Point is using the old PWFS0100 format, specify Y. Use PWFS0100 format only . Y Y=Yes, N=No Exit program of File Server QIBM_QPWFS_FILE_SERV will use PWFS0100 format only. Press Enter to activate, F3 to cancel. Explanation The File Server exit point can run only one program. If the exit point already has a program assigned, Anti-Ransomware ensures that the existing program is called following the Anti-Ransomware detection program. F3=Exit F22=Enable change of program name |
When the screen appears, all the fields are read-only, showing whether the exit point and Anti-Ransomware itself is active, inactive, or running in FYI Simulation Mode (in which the program reacts to events and logs what its responses would be if running, which not making any changes to the system). The Program and Library fields show the program called after Anti-Ransomware runs.
To change the Anti-Ransomware activation status, use the Anti-Ransomware Protection Setting screen, as shown in Setting Real Time Activities and Internal Logging.
Before you activate TP, use the WRKREGINF command to check the QIBM_QPWFS_FILE_SERV exit point for the program that is called after Anti-Ransomware is run.
To change the program called after Anti-Ransomware, press the F22 (Shift+F10) key. You can then change the values of the Program and Library fields. If they are blank, leave them blank.
To activate Anti-Ransomware, press Enter.
To cancel and exit to the previous screen, press the F3 key.
De-activating Real-Time Detection
To de-activate real-time detection, select 2. De-activate Real-Time Detection from theActivation screen (STRAR > 51).
The Anti-Ransomware - De-Activation screen appears.
| Anti-Ransomware - De-Activation De-Activation of Anti-Ransomware malware detection resets the exit program to the program that it had run before activation. Program to set back . . . *FIREWALL Name, *NONE Library . . . . . . . . Name Press Enter to continue, F3 to cancel. F3=Exit |
The screen's read-only Program to set back and Library fields show the program that is set as the exit program when you de-activate Anti-Ransomware.
To de-activate Anti-Ransomware, press Enter.
To cancel and exit to the previous screen, press the F3 key.