After enabling the Ransomware Protection feature, the Learning Period is automatically activated. 

During the Learning Period, all programs detected by the Ransomware Protection feature will be considered as false positive and will be able to resume their execution. 

The programs detected as false positive will be automatically added to the list of allowed programs.

This feature allows to configure Ransomware Protection on a production server without disrupting its activity. 

We recommend to start with a 5 days Learning Period to identify all legit business applications.

If you stop the Learning Period, it will deactivate the Ransomware Protection.


Click on the "Ransomware Protection is disabled" button to reactivate the Learning Period.