Anti-ransomware protection in Fall Creators Update

Page 2 of 4 FirstFirst 1234 LastLast

  1. Posts : 4,201
    Windows 10 Pro x64 Latest RP
       #11

    The simple process of storing the safety backup external to your home would improve the data security.
    Storing the drive concerned at a family Member's home, or that of a friend, or neighbour's would be Ideal - you could also make this a reciprocal arrangement where you store their data backup.

    There is also of course the option of online storage, the cost of this would obviously depend on your data size and Internet access speeds but is a possibility.

    Coming from a business/industrial background means that I do try to safeguard data more than most but even for a home user, things like family photos that cannot be replaced are worth a little time & effort (and money ), to protect
      My Computers


  2. Posts : 812
    Win10
       #12

    Its up to the user. If you are very security conscious such as not to open any attachments or links in emails or go to sites that are not trusted or shady, then you can leave it disabled. I heard that its very intrusive most of the times. But again, its up to how secure conscious is the user.

    Your ultimate protection would be common sense (like mentioned above), patch your Windows and all software, and try to run as a Limited User account (if possible).

    And of course, backup your data.
      My Computer


  3. Posts : 7,606
    Windows 10 Home 20H2
       #13

    Bree said:
    You start getting notifications that some apps you've been using for ages are being blocked.
    That's why I keep using Malwarebytes Anti-Ransomware rather than turn on Controlled Folder Access.
      My Computer


  4. Posts : 284
    Windows 10 Pro 64-bit
       #14

    I’m a little surprised MS didn’t whitelist their own exes. Kind of stupid TBO.

    There is always going to be a bit of annoyance when using protection of this type but it’s needlessly intrusive when it’s bugging users to grant access for applications that it should know are safe.

    IMO, they need to tweak this feature with regularly updated app whitelist definitions. Anything not whitelisted is treated as unknown, requiring permission by the user. Not perfect, but would ease a lot of pain.

    Guess it’ll be another couple of years before they get this new feature out of beta. There is no way I’m activating this or recommending it’s use to anyone I help.
      My Computers


  5. Posts : 31,470
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #15

    vram said:
    There is no way I’m activating this or recommending it’s use to anyone I help.
    I've been using it for over a month now. The initial rush of apps I've had to whitelist took a couple of weeks before it dropped to zero. Since then it has been completely unobtrusive. I'm leaving it turned on.
      My Computers


  6. Posts : 284
    Windows 10 Pro 64-bit
       #16

    That’s good. Unfortunately I don’t have time to deal with that. Not myself, but for the people that will undoubtedly nag me about it.
      My Computers


  7. Posts : 5,478
    2004
       #17

    vram said:
    That’s good. Unfortunately I don't have time to deal with that. Not myself, but for the people that will undoubtedly nag me about it.
    That is why it is turned off by default - for people like you. You would get nagged. Not much but you would. You don't have time and would moan about the change.

    I use the maywarebytes anti-ransomware. It was a bore for about a day to get it working smoothly but now it does.

    If you don't use one (and don't bother making non-connected backups) then all you can do is hope for the best and not complain later.

    If you make backups (and all the people who nag you do) it doesn't matter really either way. You/they can just restore.
      My Computer


  8. Posts : 3,453
       #18

    vram said:
    I’m a little surprised MS didn’t whitelist their own exes. Kind of stupid TBO.

    There is always going to be a bit of annoyance when using protection of this type but it’s needlessly intrusive when it’s bugging users to grant access for applications that it should know are safe.

    IMO, they need to tweak this feature with regularly updated app whitelist definitions. Anything not whitelisted is treated as unknown, requiring permission by the user. Not perfect, but would ease a lot of pain.

    Guess it’ll be another couple of years before they get this new feature out of beta. There is no way I’m activating this or recommending it’s use to anyone I help.
    LOL... Yup...'nuff said

    BTW.. I had a similar issue with BD Free with over-zealous detection based on listing rather than heuristics - made me switch
      My Computer


  9. Posts : 4,201
    Windows 10 Pro x64 Latest RP
       #19

    Predesigned whitelists are a serious issue for antiransomware, as any executable can be the bad one, even if it appears to be a totally benign part of the OS or a standard windows "filler" app.

    The problem with ransomware is that it targets file areas where even a standard user has full control access - Spoof a suitable OS tool that is included in a whitelist and you have full access to encrypt all the user files. But if a standard OS tool attempts to access a file area and you as the user has not initiated it then you at least have something that needs checking immediately, ( unless you a click everything you see kind of person, and those are beyond help )
      My Computers


  10. Posts : 284
    Windows 10 Pro 64-bit
       #20

    Barman58 said:
    Predesigned whitelists are a serious issue for antiransomware, as any executable can be the bad one, even if it appears to be a totally benign part of the OS or a standard windows "filler" app.

    The problem with ransomware is that it targets file areas where even a standard user has full control access - Spoof a suitable OS tool that is included in a whitelist and you have full access to encrypt all the user files. But if a standard OS tool attempts to access a file area and you as the user has not initiated it then you at least have something that needs checking immediately, ( unless you a click everything you see kind of person, and those are beyond help )
    I understand what you're saying but if I whitelist explorer.exe, (and I'm going to have to do that) then the protection of this feature for this app is null and void for that exe, anyway.

    Its the same deal with many other apps the user is obviously going to whitelist as time goes on.

    Best you can do is make sure the definitions for whitelisted exes are properly hashed with digital sigs. Incorrect Hash or missing sig triggers user prompt.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:45.
Find Us




Windows 10 Forums