Pause anti-ransomware to exclude workload events from analysis

Contributors

If you are expecting unusual workload events, you can temporarily suspend and resume anti-ransomware analysis at any time.

What you’ll need
  • Anti-ransomware is running in learning or active mode.

About this task

During an anti-ransomware pause, no events are logged nor are any actions for new writes. However, the analytics operation continues for earlier logs in the background.

Note Do not use the anti-ransomware disable function to pause analytics. Doing so disables anti-ransomware on the volume and all the existing information around learned workload behavior is lost. This would require a restart of the learning period.

System Manager procedure

  1. Click Storage > Volumes and then select the volume where you want to pause anti-ransomware.

  2. In the Security tab of the Volumes overview, click Pause anti-ransomware in the Anti-ransomware box.

CLI procedure

Pause ransomware protection on a volume:

security anti-ransomware volume pause -vserver svm_name -volume vol_name

To resume processing, use the resume parameter.

security anti-ransomware volume resume -vserver svm_name -volume vol_name