<< Click to Display Table of Contents >> Navigation: Using SyncBackPro > Expert Mode > Ransomware Detection |
Local Ransomware detection is already available in Global Settings. That setting lets SyncBackPro detect any Ransomware infection on your local system so that no profiles can be run if ransomware is detected. With this profile specific setting, you can enable Ransomware detection for the source and/or destination you are using with the profile. For example, if you are copying from an FTP server you can detect Ransomware on the remote FTP server. Ransomware detection cannot be used with Google Photos, backup of email or location scripts.
The configuration is similar to how it works in the Global Settings. You must choose an existing file in the location, e.g. on the FTP server, on the same UNC share the profile uses, etc. The file can be anywhere that can be accessed by the profile, i.e. it does not need to be a file in the folder you are copying to or from. This means you could use the same file in multiple profiles that use the same location. When the profile is run the file is retrieved and checked for changes. If the files contents have changed then that is considered as Ransomware infection and the profile will abort. Keep in mind that you should not be changing, or deleting, the Ransomware file you choose. If it is within the folder you are copying to or from then you may want to filter it out of your profile or deselect it.
SyncBack Touch also supports ransomware detection. When configured, the remote SyncBack Touch service will check if there has been a ransomware infection on the SyncBack Touch device.
All three of the ransomware detection methods have different settings, work independently from each other and can be used at the same time:
oRansomware detection in Global Settings detects infection on your local system (that SyncBackPro is running on). You can have SyncBackPro create the detection file or choose an existing one. If infection is detected then no profiles can be run.
oWith SyncBack Touch ransomware detection, Touch creates the detection file on the system it is running on. If infection is detected then any profiles using that Touch service will not run.
oIf you want a profile to detect ransomware on the source/left and/or destination/right, then it can be configured in the profile itself using the settings explained on this page. If ransomware is detected then the profile will not run.
•Detect Ransomware in source/left: If this checkbox is ticked then ransomware detection is enabled on the source/left. Click on the three-dots (...) in the Filename edit box to choose the ransomware detection file on the source/left. You must choose an existing file that the profile has read access to and is 1MiB (1,048,576 bytes) or smaller. The file can be anywhere that can be accessed, i.e. it does not need to be a file in the folder you are copying to or from. This means you could use the same file in multiple profiles. Keep in mind that you should not be changing, or deleting, the Ransomware file you choose. If it is within the folder you are copying to or from then you may want to filter it out of your profile or deselect it.
•Detect Ransomware in destination/right: If this checkbox is ticked then ransomware detection is enabled on the destination/right. Click on the three-dots (...) in the Filename edit box to choose the ransomware detection file. You must choose an existing file that the profile has read access to and is 1MiB (1,048,576 bytes) or smaller.
Ransomware detection will have a small impact on performance as SyncBackPro needs to download the detection file and calculate its hash value. However, you must decide if performance or security is most important to you.
The ransomware detection file must be 1MiB (1,048,576 bytes) or smaller. |
If you are on a cloud system do not choose a file in cold storage, e.g. Glacier, as your detection file. There are several reasons for this (cost of retrieval, immutability, etc). |
All Content: 2BrightSparks Pte Ltd © 2003-2024