Subscribe
Accepted Solution

FPolicy and Windows Server File Screening

Hi, we have a customer looking to move their CIFS file shares from a Windows Server to a NetApp.

There are currently using Windows Server's File Screening feature in Windows File Server Resource Manager to block certain file types.  They would like to continue doing this when they move to the Netapp.

I understand FPolicy can do some screening, but that it can also integrate with File Screening Servers to get it's policy data ... can such a server be a Windows Server with the native Microsoft File Screening feature?  If so does anyone know where I might find some documentation for setting this feature up?

Many thanks!

--

Mark Lomas

FPolicy and Windows Server File Screening

Hi Mark

When the NetApp Controller provides the CIFS Shares, there is no FSRM available. In order to use the FSRM feature within the Windows Server, it would need to support the FPolicy Feature/API of the NetApp Controller (which is not the case afaik).

You can setup basic file screening within the NetApp System. e.g. to block mp3 files from being stored:

options fpolicy.enable on

fpolicy create mp3blocker screen

fpolicy ext inc set mp3blocker mp3

fpolicy options mp3blocker required on

fpolicy monitor set mp3blocker -p cifs,nfs create,rename

fpolicy enable mp3blocker -f

Thats it,

Peter

PS In worst case they can keep using their Windows Server and attach a LUN to the NetApp (iSCSI/FC), then they can keep using the FSRM but loose the best snapshot technology in the world (or most of it)...

Re: FPolicy and Windows Server File Screening

One item missing is the fpolicy volume option to limit this to a particualr volume, so to apply only to a volume called homedirs:-

 

fpolicy vol inc add mp3blocker homedirs

 

if need to turn it off in a hurry as I just had to do :

 

fpolicy disable mp3blocker.

 

I have seen issues here, worked fine initially, then sudenly users could create one file or folder then all files and folder creation blocked

 

 

Re: FPolicy and Windows Server File Screening

Hello,

 

is it possible to block not just File Types, but File Patterns? 

 

for Example:

 

How_to_decrypt.html  or How_to_decrypt.*

 

At Windows File Server I can donwload a List from:

https://fsrm.experiant.ca/api/v1/get

 to block all this stuff.

 

for example

"*.wcry","*.velikasrbija","*.razarac","*.serpent","*.msj","*.szesnl","_DECRYPT_INFO_szesnl.html","000-IF-YOU-WANT-DEC-FILES.html","*.evillock","*.letmetrydecfiles","*.yourransom","*.lambda_l0cked","*.gefickt","*.uk-dealer@sigaint.org ","*.HakunaMatata","*.CRYPTOSHIELD","*.weareyourfriends","MERRY_I_LOVE_YOU_BRUCE.hta"

 

I can say block these File-extensions, file patterns AND when somebody try to Safe this file send an EMail to xx-it@mycompany.com with a warning an with the name/ip of the user who is trying to safe the ransomware data.

 

is it possible to implent it on Netapp?