https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34268#M3717 <HTML><HEAD></HEAD><BODY><P>Hi Olga,</P><P></P><P>we have already embedded exclusions for processes - so best-practise up to this is already included.</P><P>For other software this is as you wrote specific to the software behavior itsself - like massive amount of file changes etc ...</P><P></P><P>So the best approach is testing SBA on a test client with all the software you need to find out if you must include additional exclusions ...</P><P></P><P>Regards Thomas</P></BODY></HTML> Tue, 05 Jun 2018 10:05:56 GMT Thomas_Werner 2018-06-05T10:05:56Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34263#M3712 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>we have an issue with Anti-Ransomware / Remediation.</P><P>The Windows-Admin was cleaning up some unnecessary user-profiles from clients with standard windows processes.</P><P>A bit later, users reported that they got a popup from Anti Ransomware and that&nbsp;dozens of files were restored.</P><P></P><P>Anyone else experienced this behavior?&nbsp;</P><P>Is there any way to exclude this properly, without making the system vulnerable by excluding system processes?</P><P></P><P>Thanks &amp; BR</P></BODY></HTML> Thu, 08 Mar 2018 08:13:48 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34263#M3712 xiro 2018-03-08T08:13:48Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34264#M3713 <HTML><HEAD></HEAD><BODY><P>Hi Amir,</P><P></P><P>we did several fine tunings on the "mass-file modification" behavioral detection mechanism suring the latest releases.</P><P>Are you running the latest version 80.81 ?</P><P></P><P><A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117536&amp;partition=General&amp;product=Endpoint" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117536&amp;partition=General&amp;product=Endpoint">Endpoint Security Homepage</A>&nbsp;</P><P></P><P>Regards Thomas&nbsp;</P></BODY></HTML> Wed, 14 Mar 2018 13:23:39 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34264#M3713 Thomas_Werner 2018-03-14T13:23:39Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34265#M3714 <HTML><HEAD></HEAD><BODY><P>Unfortunately not yet - I've seen today that it should be released, but the download link is dead.</P><P></P><P>BR,</P><P>Amir</P></BODY></HTML> Wed, 14 Mar 2018 13:30:31 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34265#M3714 xiro 2018-03-14T13:30:31Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34266#M3715 <HTML><HEAD></HEAD><BODY><P>Hi Amir,</P><P></P><P>I notified the SK owner that the download links are broken.</P><P><BR />Regards Thomas</P></BODY></HTML> Wed, 14 Mar 2018 14:07:16 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34266#M3715 Thomas_Werner 2018-03-14T14:07:16Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34267#M3716 <HTML><HEAD></HEAD><BODY><P>Hello!</P><P>Have the similar problem.</P><P>Are there recommendation for Anti-Ransomware exceptions? There are legitimate programs that change a lot of use files, it's logical to add them to exceptions. But the custome wants to get recommendations from the documentation.</P></BODY></HTML> Tue, 29 May 2018 20:27:30 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34267#M3716 Olga_Kuts 2018-05-29T20:27:30Z https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34268#M3717 <HTML><HEAD></HEAD><BODY><P>Hi Olga,</P><P></P><P>we have already embedded exclusions for processes - so best-practise up to this is already included.</P><P>For other software this is as you wrote specific to the software behavior itsself - like massive amount of file changes etc ...</P><P></P><P>So the best approach is testing SBA on a test client with all the software you need to find out if you must include additional exclusions ...</P><P></P><P>Regards Thomas</P></BODY></HTML> Tue, 05 Jun 2018 10:05:56 GMT https://community.checkpoint.com/t5/Endpoint/AR-restoring-files-deleted-properly-what-to-exclude/m-p/34268#M3717 Thomas_Werner 2018-06-05T10:05:56Z