Anti-Ransomware: A Holistic Ransomware Protection Tool

Ransomware has evolved into a sneaky and expensive security threat that hangs over businesses. ManageEngine's Anti-Ransomware is an out-of-the-box solution that is geared to detect and resolve ransomware infections at an early stage while causing the least amount of disruption. The software's intelligent behavior detection techniques swiftly detect anomalies in file activity with maximum accuracy and enable putting up a proactive front against future attacks. It is also equipped with a fail-safe recovery feature that restores your data safely.


Automatically detect unusual file alterations on your endpoints that resemble a ransomware attack.


Analyze the incident and determine whether it was a real positive or a false positive.


Instantly obtain a non-erasable backup of all the files that were compromised in the attack.

Ransomware remains the most common form of malware in 2022. It has grown in popularity due to its capacity to extort large sums of money while posing a low risk to cybercriminals. (Cybereason,2022)
The average downtime a company experiences after a ransomware attack is 21 days. (Lougtec,2022)
There will be ransomware attack every 11 seconds by 2023. By that time, the global cost will be $20 billion yearly. (Web Arx Security,2022)

Detect, mitigate, and restore encrypted files post a ransomware attack using Endpoint Central

An endpoint security solution armed to parry the blow of a ransomware attack.

Machine learning-assisted behavior analysis

Anti-Ransomware uses machine learning-based behavior detection algorithms to broaden the scope and enhance the accuracy of detecting ransomware attacks, which is a considerable improvement over outdated signature-based approaches. When a process that resembles a ransomware pattern has browsed a file, encrypted it, and updated it, an alert is raised. Following that, the alerts are sorted and documented as incidents.

Single-step incident response technique

When an anomaly is discovered, it is resolved by examining the process and flagging it as a true positive or false positive incident. The file recovery process is initiated if it is a true positive. If the process is identified as a false positive, a similar one in the future will be automatically flagged as a false positive.

One-click recovery of protected file backups for a reliable rollback

Anti-Ransomware leverages Microsoft's VSS service to obtain shadow copies of all the files on an endpoint every three hours. All infected files are reverted to the most recent copy of the file stored, on the confirmation, following a ransomware attack. The files are automatically restored if the same ransomware attack occurs again.

Trusted executables can be excluded for a smooth sailing workflow

When it comes to endpoint protection, Anti-Ransomware takes a zero-trust approach. Trusted executables that are known to be safe and benign can be excluded with the Exclusions feature and can be exempted from real-time behavior detection and incident notifications to preserve productivity. To prevent unintentional attacks through the Exclusions list, this exclusion list can be further limited by specifying Signed Certificates and Allowed Folders in which they are to be exempted.

Add-on FAQs


This FAQs section answers your queries about the add-on. To know about the product FAQs, click here!

1. What is Anti-Ransomware?

Anti-Ransomware is an enterprise-grade solution designed to protect against ransomware attacks. It uses heuristic detection to identify threats based on behavior patterns and provides complete incident analysis, including IoC and IoA identification based on the MITRE ATT&CK framework. The solution quarantines infected devices, neutralizes threats, and enables single-click recovery to restore systems to a pre-attack state with minimal downtime.

2. Can Endpoint Central free trial users try Anti-Ransomware ?

Yes, Endpoint Central free trial users can access the Anti-Ransomware module .

Note: The Anti-Ransomware module is available in the latest build of Endpoint Central (11.1.2236.1 and above) .

3. Benefits of using an enterprise ransomware protection tool

  • Comprehensive security: Enterprise ransomware protection tools offer multi-layered security, combining real-time threat detection, automated response, and continuous monitoring to safeguard sensitive data.
  • Minimized downtime: By quickly identifying and neutralizing ransomware, these tools reduce downtime and maintain business continuity.
  • Data protection: Protect critical business data from encryption and extortion attempts, ensuring data integrity and availability.
  • Cost savings: Prevent financial losses associated with ransom payments, data recovery, and reputational damage.
  • Regulatory compliance: Ensure compliance with industry regulations and standards by implementing robust ransomware defenses.

4. Do we have to deploy another agent?

No, We don't have to deploy another agent as the existing Endpoint Central agent itself will work for Anti-Ransomware.

5. How does Endpoint Central's Anti-Ransomware works?

Anti-Ransomware leverages a combination of signature-based detection, heuristic analysis, and machine learning to identify and stop ransomware threats. It operates by:

  • Real-time monitoring: Continuously scanning for suspicious activity and potential ransomware behavior.
  • Behavioral analysis: Using advanced algorithms to detect anomalous file and system behaviors indicative of ransomware attacks.
  • Device quarantine: Provides administrators with the tools to manually isolate affected systems to prevent the spread of ransomware across the network.
  • Threat remediation: Automatically removing ransomware and restoring encrypted files from secure backups.

6. Why Endpoint Central is the best ransomware protection tool in 2024

Endpoint Central stands out as the best anti-ransomware protection tool in 2024 due to its comprehensive feature set and innovative approach to cybersecurity:

  • Advanced threat detection: Utilizes AI-driven analysis and machine learning to detect even the most sophisticated ransomware attacks.
  • Automated incident response: Provides automated remediation to quickly address and neutralize threats.
  • Device quarantine capability: Allows administrators to manually isolate infected devices to prevent the spread of ransomware across your network.
  • Infected file recovery capability: Recovers encrypted files efficiently, ensuring minimal data loss and business disruption.

7. What are the operating systems supported by Anti-Ransomware?

It is currently available for the below Windows OS versions:

  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11

8. Can Anti-Ransomware be disabled later?

Yes, Anti-Ransomware can be disabled any time through the Settings option available in the Anti-Ransomware tab.

Unified Endpoint Management and Security Solution