Configure native FPolicy
Beginning with ONTAP 9.11.1, when you receive a System Manager Insight that suggests implementing native FPolicy, you can configure it on your storage VMs and volumes.
When you access System Manager Insights, under Apply best practices, you might receive a message saying that native FPolicy is not configured.
To learn more about FPolicy configuration types, refer to FPolicy configuration types.
-
In System Manager, click Insights in the left-hand navigation column.
-
Under Apply best practices, locate Native FPolicy is not configured.
-
Read the following message before taking action:
Blocking extensions might lead to unexpected results. Beginning with ONTAP 9.11.1, you can enable native FPolicy for storage VMs using System Manager.
With FPolicy Native Mode, you can allow or disallow specific file extensions. System Manager recommends over 3000 disallowed file extensions that have been used in past ransomware attacks. Some of these extensions might be used by legitimate files in your environment and blocking them might lead to unexpected issues.Therefore, it is strongly advised that you modify the list of extensions to meet the needs of your environment. Refer to How to remove a file extension from a native FPolicy configuration created by System Manager using System Manager to recreate the policy.
-
Click Fix.
-
Select the storage VMs to which you want to apply the native FPolicy.
-
For each storage VM, select the volumes that will receive the native FPolicy.
-
Click Configure.