ONTAP 9.14

to Japanese version

Enable Autonomous Ransomware Protection by default in new volumes

Beginning with ONTAP 9.10.1, you can configure storage VMs (SVMs) such that new volumes are enabled by default for Autonomous Ransomware Protection (ARP) in learning mode.

About this task

By default, new volumes are created with ARP in disabled mode. You can modify this setting in ONTAP System Manager and with the CLI. Volumes enabled by default are set to ARP in learning (or dry-run) mode.

ARP will only be enabled on volumes created in the SVM after you have changed the setting. ARP will not be enabled on existing volumes. Learn how to enable ARP in an existing volume.

Beginning in ONTAP 9.13.1, adaptive learning has been added to ARP analytics, and the switch from learning mode to active mode is done automatically. For more information, see Learning and active modes.

Before you begin
  • The correct license must be installed for your ONTAP version.

  • The volume must be less than 100% full.

  • Junction paths must be active.

  • Beginning in ONTAP 9.13.1, it’s recommended you enable multi-admin verification (MAV) so that two or more authenticated user admins are required for anti-ransomware operations. Learn more.

Switch ARP from learning to active mode

Beginning in ONTAP 9.13.1, adaptive learning has been added to ARP analytics and the switch from learning mode to active mode is done automatically. The autonomous decision by ARP to automatically switch from learning mode to active mode is based on the configuration settings of the following options:


If the criteria for these options is not met after 30 days, the volume automatically switches to ARP active mode. This duration can be configured with the option anti-ransomware-auto-switch-duration-without-new-file-extension, but the maximum value is 30 days.

For more information on ARP configuration options, including default values, see the ONTAP man pages.

ONTAP System Manager
  1. Select Storage > Storage VMs then select the storage VM that contains volumes you want to protect with ARP.

  2. Navigate to the Settings tab. Under Security, select pen icon in the Anti-ransomware box, then check the box to enable ARP for NAS volumes. Check the additional box to enable ARP on all eligible NAS volumes in the storage VM.

    If you have upgraded to ONTAP 9.13.1, the Switch automatically from learning to active mode after sufficient learning setting is enabled automatically. This allows ARP to determine the optimal learning period interval and automate the switch to active mode. Turn off the setting if you want to manually transition to active mode.
  1. Modify an existing SVM to enable ARP by default in new volumes:
    vserver modify -vserver svm_name -anti-ransomware-default-volume-state dry-run

    At the CLI, you can also create a new SVM with ARP enabled by default for new volumes.
    vserver create -vserver svm_name -anti-ransomware-default-volume-state dry-run [other parameters as needed]

    If you upgraded to ONTAP 9.13.1 or later, adaptive learning is enabled so that the change to active state is done automatically. If you do not want this behavior to be automatically enabled, use the following command:

    vserver modify svm_name -anti-ransomware-auto-switch-from-learning-to-enabled false

Top of Page