GuardMode 2024.3
  • Welcome to GuardMode!
  • Intro
  • Installation
    • System requirements
    • Installing GuardMode Agent on Windows
      • Updating GuardMode Agent on Windows
    • Installing GuardMode Agent on Linux
      • Using Containerized GuardMode Agent
    • Uninstalling GuardMode Agent on Windows
    • Uninstalling GuardMode Agent on Linux
    • Configuring GuardMode Agent for SAMBA setup
    • Uninstalling GuardMode Agent on SAMBA setup
  • Agent Configuration
    • General Settings
    • Excluded Paths Configuration
    • Adding malware detection rules
      • Honeypot and Decoy Files
      • Write Operations Threshold
      • Detecting File Renaming with Abnormal File Extensions
      • Special Files Monitoring
    • Security Incident Detection
    • SMB Monitoring (Linux Only)
    • Event Reports
      • Configuring Event Reports
      • Excluding Paths From Event Reports
      • Tagging Agent
    • NFS Share Monitoring
    • Altering Audit Rules
    • Blocklist Management
      • Configuring DPX for Automatic Blocklist Updates
    • Using TLS
    • Configuring YARA-X
  • Using GuardMode Agent Command Line
  • REST API Documentation
  • On-demand Scanning
  • Logging
  • FAQ
  • Technical Support
Powered by GitBook
On this page
  • Blocklist Management in DPX
  • Blocklist Management in vStor
  1. Agent Configuration

Blocklist Management

PreviousAltering Audit RulesNextConfiguring DPX for Automatic Blocklist Updates

Last updated 7 days ago

GuardMode Agent comes with a list of known ransomware-related file name and file extension patterns. Blocklists should be periodically updated to respond to most recent ransomware campaigns and exclude false positives.

Blocklist Management in DPX

Blocklist updates on Security Nodes are managed by DPX Master Server. This feature is disabled by default. You can enable automatic blocklist updates, change blocklist source and specify update interval. To configure automatic blocklist updates in DPX Master Server, see .

Blocklist Management in vStor

Blocklists for vStor-bundled GuardMode Agent used for backup scans are updated daily at 3 AM from a fixed source. These settings cannot be changed.

Tip. For offline environments, you can save your custom blocklist.json file in the /opt/catalogic/guard-mode/agent/ directory. Note: the file will be overwritten the next time your vStor has Internet access during the update window (3 AM). To avoid this, ensure your vStor is disconnected from the Internet at all times.

Configuring DPX for Automatic Blocklist Updates