Before posting, and to avoid disappointment, please read the following:

  • This forum is not for 2BrightSparks to provide technical support. It's primarily for users to help other users. Do not expect 2BrightSparks to answer any question posted to this forum.
  • If you find a bug in any of our software, please submit a support ticket. It does not matter if you are using our freeware, a beta version or you haven't yet purchased the software. We want to know about any and all bugs so we can fix them as soon as possible. We usually need more information and details from you to reproduce bugs and that is better done via a support ticket and not this forum.

Ransomware detection instructions -- insufficient?

For technical support visit https://support.2brightsparks.com/
Post Reply
dwalker59
Enthusiastic
Enthusiastic
Posts: 12
Joined: Tue Sep 13, 2005 10:36 pm

Ransomware detection instructions -- insufficient?

Post by dwalker59 »

The Help file for Ransomware detection (the profile-specific setting) says this:

"You must choose an existing file in the location, e.g. on the FTP server, on the same UNC share the profile uses, etc. The file can be anywhere that can be accessed by the profile, i.e. it does not need to be a file in the folder you are copying to or from. This means you could use the same file in multiple profiles that use the same location. When the profile is run the file is retrieved and checked for changes. If the files contents have changed then that is considered as Ransomware infection and the profile will abort. If it is within the folder you are copying to or from then you may want to filter it out of your profile or deselect it."

It's pretty clear that this is saying you can use a file in any folder as the ransomware detection test file, even if it's not in the source path of files being backed up.

Which means that I could use a file like "C:\Special\RansomDetect.rtf" as my ransomware detection file when I am backing up C:\Users\ as the source, for example to an FTP target. BUT, if some ransomware encrypted every file in my Users folder (or "Documents"), it may leave the files in C:\Special\ alone. It seems that SyncBack would incorrectly think that ransomware had NOT encrypted any of my files.

The doc for the profile-specific ransomware detection suggests using a folder different than the folder you are backing up, and it mentions using the same ransomware detection file for multiple profiles. So if my detection file is in the root of C, and I am backing up docs and spreadsheets from various folders, they may have all been scrambled by ransomware and SyncBack won't know it (if the ransomware left the root of C alone).

The doc seems to overpromise: It says "That setting [in Global Settings] lets SyncBackPro detect any Ransomware infection on your local system". ANY ransomware infection?

If my interpretation is correct, these instructions are somewhat misleading. How can Syncback notice that the files in C:\Users\ have been scrambled by ransomware, when the "test" file in C:\Special\ or in the root of C has not been scrambled? I am confused....

Thanks.
dwalker59
Enthusiastic
Enthusiastic
Posts: 12
Joined: Tue Sep 13, 2005 10:36 pm

Re: Ransomware detection instructions -- insufficient?

Post by dwalker59 »

No replies yet? Hmmmmm........

I would appreciate it if someone could help here, because I am worried that I have misread the instructions. Thanks.

David
Post Reply