Skip to main content

Opt out of ONTAP Autonomous Ransomware Protection default enablement

Contributors netapp-dbagwell
PDFs

Beginning with ONTAP 9.18.1, Autonomous Ransomware Protection (ARP) is automatically enabled by default on all new volumes for AFF A-series and AFF C-series, ASA, and ASA r2 systems after a 12-hour warmup period following an upgrade or new installation, provided an ARP license is installed. You can opt out of this default enablement during or after the 12-hour grace period using System Manager or the ONTAP CLI.

Note Existing volumes must be manually enabled for ARP.
About this task

The setting you choose for this procedure can be changed later. After the grace period, you always have the flexibility to turn on or turn off default enablement at any time:

security anti-ransomware auto-enable modify -new-volume-auto-enable false|true
Steps

You can use System Manager or the ONTAP CLI to manage ARP default enablement options.

System Manager

  1. Select Cluster > Settings.

  2. Do one of the following:

    • Disable during active grace period:

      1. In the Anti-ransomware section, you'll see a message indicating the hours remaining before ARP will be enabled. Select Don't enable.

      2. Select Disable in the next dialog box to confirm that default ARP enablement is turned off for new volumes.

    • Disable after grace period:

      1. In the Anti-ransomware section, select Edit icon.

      2. Select the checkbox and then Save to disable default ARP enablement for new volumes.

CLI

  1. Check the default enablement status:

    security anti-ransomware auto-enable show

  2. Disable default enablement for new volumes:

    security anti-ransomware auto-enable modify -new-volume-auto-enable false
Related information