![Untitled design (1)-Aug-01-2022-12-37-27-80-PM.png]](https://help.syscloud.com/hs-fs/hubfs/Untitled%20design%20(1)-Aug-01-2022-12-37-27-80-PM.png?height=40&name=Untitled%20design%20(1)-Aug-01-2022-12-37-27-80-PM.png){kind=small}
Note: Ransomware action flows are available only for customers who have purchased the Ransomware add-on. If you don’t have the add-on enabled, contact Sales to purchase it and unlock ransomware action flows.
Not sure what action flows are? See What are custom action flows? to learn how automated actions work.
Step 1: Locate “Configure add-ons” in “Jobs” and enable “Ransomware”. Select “Configure” to choose the ransomware scans you want to perform.
Step 2: Select the ransomware scan(s) you want to run on the backed-up archives.
Step 3: Move to “Define action flows” and enable action flows for “Ransomware”. Select “Configure” to define the action flow.
Step 4: Enter a name for the ransomware action flow.
Step 5: Define the trigger criteria for the action flow:
-
Detection type: Ransomware or Encrypted
-
Risk category: High, Medium, or Low
Step 6: Define the automated action(s) to perform:
- Transfer ownership / Grant access
- Remove all file sharing
- Remove external sharing / collaborator
- Remove link sharing
(Optional) Enable notifications to:
- Admin
- Content owner
Step 7: To add more action flows, select “Create new action flow” and repeat the steps above.
Step 8: Enable the action flow by selecting “Confirm”. Once you select “Start backup”, the action flow will run based on the configured criteria and actions.