SMB Ransomware Protection Demo: Sangfor Athena EPP

Sangfor
07/04/2026

Transcript


detects ransomware activity on an SMB network share and automatically blocks the compromised endpoint.

Before running the simulation, we'll first make sure the protection policy is enabled. Open the Athena EPP Manager console and go to the anti-ransomware configuration page. Under ransomware protection, enable SMB-based remote ransomware protection.

With the policy in place, let's move to the demo environment. In this setup, one endpoint is acting as a compromised machine. It has access to the SMB server and will be used to run a ransomware script against the network share. Here, we are logged into the SMB server, shown on the left, while the SMB share being accessed from the compromised endpoint is shown on the right. This confirms that the endpoint currently has normal access to the shared folder.

Now, we'll simulate the ransomware attack. On the endpoint, the script attempts to encrypt files on the SMB network share. As soon as suspicious encryption activity is detected, the Athena EPP agent responds automatically. An alert appears on the SMB server and the endpoint is immediately blocked from accessing the share. At this point, the attack has been stopped and the affected SMB access has been cut off.

Next, let's see how this incident appears from the administrator's view. Return to the Athena EPP Manager console. On the malware page, click suspicious activities to view the alerts generated by the platform. Open the relevant alert to review the detected behavior, affected asset, and recommended remediation steps. This gives administrators a centralized view of what happened and what action was taken.

Now, let's check the local protection logs on the SMB server. Open the Athena EPP agent on the server. From the home page, click logs, go to real-time protection, and filter the logs by ransomware protection and ransomware activity. Here, we can confirm that the suspicious remote file activity was detected and blocked by the agent.

After the incident has been reviewed, administrators can decide whether to restore access for the blocked endpoint. To do this, go to settings, ransomware protection, restore encrypted files, then select blocked IPs. This page shows the SMB connections that were blocked by the agent.

Before restoring access, let's verify that the block is still active. Switch back to the endpoint and try to access the SMB server again. As expected, the SMB share is still unavailable. Now, return to the server and remove the IP block. Once the block is lifted, we'll test the connection again from the endpoint. The SMB share can now be accessed successfully.

This completes the demonstration of Sangfor Athena EPP's SMB anti-ransomware protection, including detection, automatic blocking, alert review, and access restoration. Thank you for watching.

TL;DR

  • Sangfor Athena EPP's SMB-based Remote Ransomware Protection detects malicious encryption attempts on network shares and automatically blocks the compromised endpoint without requiring manual intervention.
  • The Athena EPP Manager console provides centralized alert visibility, showing affected assets, detected behaviors, and recommended remediation steps for each ransomware incident.
  • Local agent logs on the SMB server can be filtered by ransomware protection category, giving administrators granular forensic detail on exactly what activity was detected and blocked.
  • After a threat is neutralized, administrators can restore SMB access by removing the blocked IP entry from the ransomware protection settings page, with connectivity verified immediately.

Summary

This product demonstration walks through the complete lifecycle of an SMB-based remote ransomware attack and shows how Sangfor Athena EPP detects, blocks, and remediates the threat in real time. The demo begins with enabling the SMB-based Remote Ransomware Protection policy inside the Athena EPP Manager console — a straightforward toggle under the anti-ransomware configuration page. From there, a simulated attack is staged using a compromised endpoint that has legitimate access to an SMB network share. When a ransomware script attempts to encrypt files on that share, the Athena EPP agent on the SMB server detects the suspicious encryption activity and immediately cuts off the attacker's network access — no manual intervention required. Administrators can then review the incident through the centralized management console, where the malware page surfaces suspicious activity alerts with details on the affected asset, detected behavior, and recommended remediation steps. Local protection logs on the agent provide an additional layer of forensic visibility, filterable by ransomware protection and ransomware activity categories. Once the threat has been reviewed and neutralized, administrators can selectively restore access by navigating to the blocked IPs list under ransomware protection settings and removing the relevant IP block — with the demo confirming that SMB connectivity is fully restored afterward. The demonstration covers the full incident response workflow from policy configuration through detection, alerting, log review, and access recovery.

Chapters

0:00 - Introduction & Overview
0:20 - Enabling SMB Protection Policy
0:35 - Demo Environment Setup
1:00 - Ransomware Attack & Auto-Block
1:31 - Alert Review in EPP Console
1:55 - Local Agent Log Analysis
2:22 - Restoring Access & Verification

Key Quotes

1:04 "The script attempts to encrypt files on the SMB network share. As soon as suspicious encryption activity is detected, the Athena EPP agent responds automatically."
1:17 "An alert appears on the SMB server and the endpoint is immediately blocked from accessing the share."
1:44 "Open the relevant alert to review the detected behavior, affected asset, and recommended remediation steps. This gives administrators a centralized view of what happened and what action was taken."
2:09 "Here, we can confirm that the suspicious remote file activity was detected and blocked by the agent."

FAQ

Does Athena EPP require manual action to block a ransomware attack on an SMB share?

No. The Athena EPP agent responds automatically the moment suspicious encryption activity is detected on the SMB network share, immediately blocking the compromised endpoint's access without requiring administrator intervention.

How do administrators restore SMB access after a ransomware block is applied?

Administrators navigate to Settings > Ransomware Protection > Restore Encrypted Files > Blocked IPs in the Athena EPP console, locate the blocked connection, and remove the IP block. SMB connectivity is restored immediately once the block is lifted.
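
The detect, block, review and unblock cycle shown in the demo can be modelled with a small per-client monitor on the file server. This is an added example, not Sangfor's code: the page does not describe how Athena EPP decides that activity is suspicious, so the `ShareGuard` class, the extension-change heuristic, the window and threshold values, and the event tuples are all assumptions made for illustration.

```python
import os
from collections import defaultdict, deque

class ShareGuard:
    """Toy per-client monitor for a file server (hypothetical, not Athena EPP)."""

    def __init__(self, window_s=10, threshold=5):
        self.window_s = window_s          # assumed sliding window, in seconds
        self.threshold = threshold        # assumed suspicious ops before blocking
        self.recent = defaultdict(deque)  # client IP -> timestamps of suspicious ops
        self.blocked = {}                 # client IP -> alert record for review

    @staticmethod
    def is_suspicious(op, path, new_path):
        # Assumed heuristic: a remote rename that changes the file extension.
        if op != "rename" or not new_path:
            return False
        old_ext = os.path.splitext(path)[1].lower()
        return old_ext != os.path.splitext(new_path)[1].lower()

    def handle(self, ts, ip, op, path, new_path=None):
        """Return 'deny' for a blocked client, otherwise 'allow'."""
        if ip in self.blocked:
            return "deny"
        if self.is_suspicious(op, path, new_path):
            q = self.recent[ip]
            q.append(ts)
            while q and ts - q[0] > self.window_s:  # drop ops outside the window
                q.popleft()
            if len(q) >= self.threshold:
                self.blocked[ip] = {"since": ts, "last_path": path, "count": len(q)}
                return "deny"
        return "allow"

    def unblock(self, ip):
        """Administrator action: remove the block and reset the client's counter."""
        self.recent.pop(ip, None)
        return self.blocked.pop(ip, None) is not None

def run_demo():
    guard = ShareGuard()
    # Constructed events: (time, client IP, operation, path, new path)
    events = [(0, "10.0.0.5", "write", "plan.docx", None),
              (1, "10.0.0.5", "rename", "draft.txt", "final.txt")]
    events += [(2 + i * 0.5, "10.0.0.23", "rename", f"doc{i}.xlsx", f"doc{i}.xlsx.locked")
               for i in range(6)]
    events.append((9, "10.0.0.23", "read", "doc0.xlsx.locked", None))
    return guard, [guard.handle(*e) for e in events]
```

A single signal like this misses ransomware that encrypts files in place without renaming them, which is why the window and threshold should be tuned against normal share traffic and combined with other indicators.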

