Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Protect Endpoints from Ransomware and Phishing Attacks TechTalk: Video, Q&A, and Slides

Slides attached below.
Selected Q&A from the session to follow.

 

How are the files restored? From a backup saved somewhere?

The data is stored locally on the forensics DB so we can do near real-time remediation.

Is it necessary to configure the folder or files that we want to recover after encryption? or any file regardless of its location is recovered?

Data is kept with self protection so its protected on driver level. We have the ability to recover large amount of data which is bigger than the data needed for our engines.

Are there any file size limit for encrypted file decryption?

To be clear: we are not decrypting the files, but we are restoring the files backed up prior to their encryption. Typically we reserve 1-2 GB on the primary disk for this purpose, but it is configurable.

On one of the screens in the demo, I saw 165 files, 152 recovered 13 unrecovered. What are the 13 unrecovered files?

Some exclusions are in place for the demo env. to work. In a production all files will be restored.

An EDR solution based on behavior but how to restore so many files?

We backup files to the internal forensic DB when save

...
TO READ THE FULL POST it's simple and free