Windows Built-in Ransomware Protection



Anyone played around with it?

 

https://lifehacker.com/why-you-should-use-windows-defenders-ransomware-prevent-1837311176

 

I know this isn't explicitly UNRAID related but we spend a fair bit of time talking about protecting our servers and thought this might be worth a discussion.


After I turned the feature on I went to add more locations and noticed BOOM my linked \\tower shares showed up by default. To be sure, these are the locations that are part of my mapped Windows Libraries such as Music, Videos, etc. Notice something missing? No of course you wouldn't ;-) ... my Movies share isn't there because it isn't part of a Windows Library.


It was easy enough to add the missing \\tower\movies share.


While typing this post I got my first alert


PickerHost.exe seems harmless enough from searching. Though I have no idea what it is doing in My Data Sources. A little research showed PickerHost.exe to be harmless and part of Windows so I used the Action|Allow on Device option.

 

In any case, I thought some of you might be interested and I'm surprised at least a quick search didn't find any discussion. But please feel free to post the link(s) if there has been.

 

I'm still not ready to make my SMB shares read/write since I so rarely even need to write to them externally. When I do I just change their status for a moment and then revert back. After all, my PC isn't the only computer / device on the network but I'll be adding this to the other Windows machine soon enough and defense in depth is always the right answer.

 

Edited by jumperalex
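
The steps described in the post above (turn the feature on, add a share that is not part of a Windows Library, review an alert before allowing the app), scripted with the Defender PowerShell cmdlets. This is an added example, not part of the original post; the share list and the PickerHost.exe path are assumptions to adjust for your own machine.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumption: share names below are placeholders modelled on the post.
$extraShares = @('\\tower\movies')   # shares that are not part of any Windows Library

# 1. Turn Controlled Folder Access on if it is off (0 = off, 1 = on, 2 = audit).
if ((Get-MpPreference).EnableControlledFolderAccess -ne 1) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# 2. Add only the shares that are not already in the user-defined protected list.
$protected = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
foreach ($share in $extraShares) {
    if ($protected -notcontains $share) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $share
        Write-Host "Added protected folder: $share"
    }
}

# 3. Review the last week of block (1123) and audit (1124) events
#    so you know which process touched which folder before allowing anything.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 4. Allow an application only after its signature checks out.
#    Assumption: this is where PickerHost.exe lives; take the real path from the event.
$candidate = 'C:\Windows\System32\PickerHost.exe'
if (Test-Path $candidate) {
    $sig = Get-AuthenticodeSignature -FilePath $candidate
    if ($sig.Status -eq 'Valid' -and
        $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*') {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $candidate
        Write-Host "Allowed: $candidate"
    } else {
        Write-Warning "Not allowing $candidate (signature status: $($sig.Status))"
    }
}
```

Setting `-EnableControlledFolderAccess AuditMode` instead of `Enabled` logs what would have been blocked without stopping it, which is a quieter way to find the apps that need allowing.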