xiro
Contributor

AR restoring files deleted properly - what to exclude?

Hi,

we have an issue with Anti-Ransomware / Remediation.

The Windows-Admin was cleaning up some unnecessary user-profiles from clients with standard windows processes.

A bit later, users reported that they got a popup from Anti Ransomware and that dozens of files were restored.

Anyone else experienced this behavior? 

Is there any way to exclude this properly, without making the system vulnerable by excluding system processes?

Thanks & BR

0 Kudos
5 Replies
Thomas_Werner
Employee Alumnus

Hi Amir,

we did several fine tunings on the "mass-file modification" behavioral detection mechanism during the latest releases.

Are you running the latest version 80.81?

Endpoint Security Homepage 

Regards Thomas 

0 Kudos
xiro
Contributor

Unfortunately not yet - I've seen today that it should be released, but the download link is dead.

BR,

Amir

0 Kudos
Thomas_Werner
Employee Alumnus

Hi Amir,

I notified the SK owner that the download links are broken.


Regards Thomas

0 Kudos
Olga_Kuts
Advisor

Hello!

I have a similar problem.

Are there recommendations for Anti-Ransomware exceptions? There are legitimate programs that change a lot of user files, so it's logical to add them to exceptions. But the customer wants to get recommendations from the documentation.

0 Kudos
Thomas_Werner
Employee Alumnus

Hi Olga,

we have already embedded exclusions for processes - so best practice up to this is already included.

For other software this is, as you wrote, specific to the software behavior itself - like massive amount of file changes etc ...

So the best approach is testing SBA on a test client with all the software you need to find out if you must include additional exclusions ...

Regards Thomas
