Pause anti-ransomware to exclude workload events from analysis
If you are expecting unusual workload events, you can temporarily suspend and resume anti-ransomware analysis at any time.
Anti-ransomware is running in learning or active mode.
During an anti-ransomware pause, no events are logged nor are any actions for new writes. However, the analytics operation continues for earlier logs in the background.
|Do not use the anti-ransomware disable function to pause analytics. Doing so disables anti-ransomware on the volume and all the existing information around learned workload behavior is lost. This would require a restart of the learning period.|
System Manager procedure
Click Storage > Volumes and then select the volume where you want to pause anti-ransomware.
In the Security tab of the Volumes overview, click Pause anti-ransomware in the Anti-ransomware box.
Pause ransomware protection on a volume:
security anti-ransomware volume pause -vserver svm_name -volume vol_name
To resume processing, use the resume parameter.
security anti-ransomware volume resume -vserver svm_name -volume vol_name