安恒主机卫士 (EDR) Dedicated Ransomware Prevention and Removal Solution

Hangzhou DBAPPSecurity Technology Co., Ltd. (杭州安恒信息技术股份有限公司)

April 2022, Revised Edition

Table of Contents

1 Requirements Overview ........ 1
1.1 Introduction to Ransomware ........ 1
1.2 Analysis of the Ransomware Attack Process ........ 1
2 Solution Objectives ........ 2
3 Solution Design ........ 3
3.1 Design Philosophy ........ 3
3.2 Solution Deployment ........ 3
3.3 Ransomware Handling Workflow ........ 4
3.3.1 Confirm the ransomware infection and deploy EDR before encryption occurs ........ 4
3.3.2 Enable the patented dual-engine ransomware defense ........ 5
3.3.3 Apply the "永恒之蓝勒索挖矿防御" (EternalBlue ransomware and mining defense) batch configuration template with one click to isolate port 445 in both directions ........ 5
3.3.4 Review process-start logs and ransomware encryption-block logs to locate the infection source ........ 6
3.3.5 Scan and remove the malware in bulk and re-verify ........