
ransomware and the 'WindowsImageBackup' and 'FileHistory' folders


joshee


On my external disk I have a 'WindowsImageBackup' and a 'FileHistory' folder, and as a user
I am not allowed to look in these folders. I cannot even see what permissions are given.

Is it still possible for a ransomware virus to encrypt the backup files? Or should I
'unmount' the disk and 'mount' it again to make the next backup?

And what system accounts are allowed to use these folders? If I force my way in then
something [account] is added and I do not get a warning message.



Does icacls still work in Windows 10? I tried a command like this:

C:\windows\system32>icacls msiexec.exe.log
msiexec.exe.log NT AUTHORITY\SYSTEM:(I)(F)
                BUILTIN\Administrators:(I)(F)
                BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files

34 minutes ago, Tripredacus said:

Does icacls still work in Windows 10? I tried a command like this:


C:\windows\system32>icacls msiexec.exe.log
msiexec.exe.log NT AUTHORITY\SYSTEM:(I)(F)
                BUILTIN\Administrators:(I)(F)
                BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files

I would have to see if that is still there. Is that related to my initial question in any way?


1 hour ago, Tripredacus said:

It will show which accounts have access to these folders and what permissions they are granted.

Thank you Tripredacus, and interesting too. I will check/save this tip. I am also hoping to find out if a ransomware virus can encrypt the content of these backup files. Hope not, because as a non-admin user I am not even allowed to look inside. Just trying to solve a problem before it comes up.


12 hours ago, joshee said:

Is it still possible for a ransomware virus to encrypt the backup files? Or should I
'unmount' the disk and 'mount' it again to make the next backup?

If you want to be 100% sure about this safety issue it is advised to unmount the external disk between the backups (however a good antivirus program should be enough protection).


59 minutes ago, HarryTri said:

If you want to be 100% sure about this safety issue it is advised to unmount the external disk between the backups (however a good antivirus program should be enough protection).

Thank you HarryTri, that is the best and easy enough via the device manager. I just would need a solution for FileHistory then. It is using the disk all the time and that is why I am asking here... If the permission settings are good enough then I can sleep fine and dream well. I do not own a ransomware virus to test it but I will if I find one.


On Windows 8 you can unmount the FileHistory disk and mount it again whenever you want and back up your files manually. It just backs up the files changed since the previous backup, and you have the option to delete the backups that are older than e.g. one month or delete all the older backups and keep only the latest ones. Can't you do the same on Windows 10?


3 minutes ago, HarryTri said:

On Windows 8 you can unmount the FileHistory disk and mount it again whenever you want and back up your files manually. It just backs up the files changed since the previous backup, and you have the option to delete the backups that are older than e.g. one month or delete all the older backups and keep only the latest ones. Can't you do the same on Windows 10?

I would have to check this for W10. At the moment I am on W8.1 using the Windows 7 Back-up function.


I installed a new USB3 disk just for the WindowsImageBackup files and will unmount/mount the drive, but that would mean manual management while I liked the automated function of backing up the C and D drive every Sunday. I have an older laptop with Win7 and will see if I can get a ransomware virus off the net. I like testing anyway.


41 minutes ago, jaclaz said:

Well, you can surely script the disconnection and maybe also script the re-connection, have a look at Uwe Sieber tools:

http://www.uwe-sieber.de/english.html

http://www.uwe-sieber.de/drivetools_e.html

jaclaz
 

Just found a link in the search engine that I will look at too: https://technet.microsoft.com/en-us/library/cc742083(v=ws.10).aspx?f=255&MSPPError=-2147217396

I saved your tips and will visit the site. It looks like I can automate the system image by using

wbAdmin start backup -backupTarget:E: -include:C:,D:,S: -allCritical -quiet

Found this on https://www.howtogeek.com/167984/how-to-create-and-restore-system-image-backups-on-windows-8.1/

Thank you for the help :-)

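Added example (not part of the original thread): a PowerShell sketch of the approach discussed above, where the backup disk is mounted only while the wbadmin job from the last post runs and is taken offline again afterwards. The volume GUID is a placeholder, the drive letter and include list are assumptions to adapt, and the script is meant to be run elevated, for example from a weekly scheduled task.

```powershell
#Requires -RunAsAdministrator
# Added example: keep the backup volume offline except during the backup itself.

# PLACEHOLDER: replace with the GUID path that running `mountvol` with no
# arguments lists for the external backup disk.
$VolumeGuidPath = '\\?\Volume{00000000-0000-0000-0000-000000000000}\'
$MountPoint     = 'E:'      # assumed drive letter, as in the thread's wbadmin command
$Include        = 'C:,D:'   # assumed volumes to image

# 1. Bring the backup volume online under the chosen drive letter.
if (-not (Test-Path "$MountPoint\")) {
    & mountvol.exe $MountPoint $VolumeGuidPath
    if ($LASTEXITCODE -ne 0) {
        throw "mountvol could not mount $VolumeGuidPath on $MountPoint"
    }
}

$backupExit = 1
try {
    # 2. Run the system image backup. The arguments are quoted so PowerShell
    #    does not split the comma-separated include list into an array.
    & wbadmin.exe start backup "-backupTarget:$MountPoint" "-include:$Include" -allCritical -quiet
    $backupExit = $LASTEXITCODE

    # 3. Record who has access to the backup folder (read-only listing),
    #    following the icacls tip earlier in the thread.
    $backupDir = "$MountPoint\WindowsImageBackup"
    if (Test-Path $backupDir) {
        & icacls.exe $backupDir
    }
}
finally {
    # 4. Always take the volume offline again, even if the backup failed.
    #    /P removes the drive letter and dismounts the volume; /D would only
    #    remove the drive letter.
    & mountvol.exe $MountPoint /P
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "mountvol /P failed; $MountPoint may still be mounted"
    }
}

# Pass the wbadmin result on to the caller (Task Scheduler records it).
exit $backupExit
```

A File History target cannot be handled this way while File History is left running on its own schedule, because it expects the disk to stay connected.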
