joshee Posted March 2, 2017

On my external disk I have a 'WindowsImageBackup' and 'FileHistory' folder and as a user I am not allowed to look in these folders. I cannot even see what permissions are given. Is it still possible for a ransomware virus to encrypt the backup files? Or should I 'unmount' the disk and 'mount' again to make the next backup? And what system accounts are allowed to use these folders? If I force my way in then something [account] is added and I do not get a warning message.
Tripredacus Posted March 2, 2017

Does icacls still work in Windows 10? I tried a command like this:

    C:\windows\system32>icacls msiexec.exe.log
    msiexec.exe.log NT AUTHORITY\SYSTEM:(I)(F)
                    BUILTIN\Administrators:(I)(F)
                    BUILTIN\Users:(I)(RX)

    Successfully processed 1 files; Failed processing 0 files
joshee (Author) Posted March 2, 2017

> 34 minutes ago, Tripredacus said:
> Does icacls still work in Windows 10? I tried a command like this:
>
>     C:\windows\system32>icacls msiexec.exe.log
>     msiexec.exe.log NT AUTHORITY\SYSTEM:(I)(F)
>                     BUILTIN\Administrators:(I)(F)
>                     BUILTIN\Users:(I)(RX)
>
>     Successfully processed 1 files; Failed processing 0 files

I would have to see if that is still there. Is that related to my initial question in any way?
Tripredacus Posted March 2, 2017

> 8 hours ago, joshee said:
> I am not allowed to look in these folders. I cannot even see what permissions are given.

It will show which accounts have access to these folders and what permissions they are granted.
joshee (Author) Posted March 2, 2017

> 1 hour ago, Tripredacus said:
> It will show which accounts have access to these folders and what permissions they are granted.

Thank you Tripredacus, and interesting too. I will check/save this tip. I am also hoping to find out if a ransomware virus can encrypt the content of these backup files. Hope not, because as a non-admin user I am not even allowed to look inside. Just trying to solve a problem before it comes up.
HarryTri Posted March 2, 2017

> 12 hours ago, joshee said:
> Is it still possible for a ransomware virus to encrypt the backup files? Or should I 'unmount' the disk and 'mount' again to make the next backup?

If you want to be 100% sure about this safety issue it is advised to unmount the external disk between the backups (however a good antivirus program should be enough protection).
joshee (Author) Posted March 2, 2017

> 59 minutes ago, HarryTri said:
> If you want to be 100% sure about this safety issue it is advised to unmount the external disk between the backups (however a good antivirus program should be enough protection).

Thank you HarryTri. That is the best and easy enough via the device manager. I just would need a solution for FileHistory then. It is using the disk all the time and that is why I am asking here... If the permission settings are good enough then I can sleep fine and dream well. I do not own a ransomware virus to test it but I will if I find one.
HarryTri Posted March 3, 2017

On Windows 8 you can unmount the FileHistory disk and mount it again whenever you want and back up your files manually. It just backs up the files changed since the previous backup, and you have the option to delete the backups that are older than e.g. one month or delete all the older backups and keep only the latest ones. Can't you do the same on Windows 10?
joshee (Author) Posted March 3, 2017

> 3 minutes ago, HarryTri said:
> On Windows 8 you can unmount the FileHistory disk and mount it again whenever you want and back up your files manually. It just backs up the files changed since the previous backup, and you have the option to delete the backups that are older than e.g. one month or delete all the older backups and keep only the latest ones. Can't you do the same on Windows 10?

I would have to check this for w10. At the moment I am on w8.1 using the Windows 7 Back-up function.
joshee (Author) Posted March 3, 2017

I installed a new USB3 disk just for the WindowsImageBackup files and will unmount/mount the drive, but that would mean manual management while I liked the automated function of backing up the C and D drive every Sunday. I have an older laptop with Win7 and will see if I can get a ransomware virus off the net. I like testing anyway.
jaclaz Posted March 3, 2017

Well, you can surely script the disconnection and maybe also script the re-connection, have a look at Uwe Sieber tools:
http://www.uwe-sieber.de/english.html
http://www.uwe-sieber.de/drivetools_e.html

jaclaz
joshee (Author) Posted March 3, 2017

> 41 minutes ago, jaclaz said:
> Well, you can surely script the disconnection and maybe also script the re-connection, have a look at Uwe Sieber tools:
> http://www.uwe-sieber.de/english.html
> http://www.uwe-sieber.de/drivetools_e.html
>
> jaclaz

Just found a link in the search engine that I will look at too:
https://technet.microsoft.com/en-us/library/cc742083(v=ws.10).aspx?f=255&MSPPError=-2147217396

I saved your tips and will visit the site. It looks like I can automate the system image by using

    wbAdmin start backup -backupTarget:E: -include:C:,D:,S: -allCritical -quiet

Found this on https://www.howtogeek.com/167984/how-to-create-and-restore-system-image-backups-on-windows-8.1/

Thank you for the help :-)

Edited March 3, 2017 by joshee: typo
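Added example, not written by any poster in this thread: one way to script the suggestion above, keeping the backup disk dismounted between backups and running the wbadmin command joshee found only while it is mounted. It uses the built-in mountvol rather than the Uwe Sieber tools, and the drive letter, volume name and log folder are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: mount the backup volume only while the backup job runs.
# Assumptions: drive letter E:, a placeholder volume name (list real ones by
# running `mountvol` with no arguments), and a log/baseline folder of our choosing.
$Letter   = 'E:'
$Volume   = '\\?\Volume{00000000-0000-0000-0000-000000000000}\'  # placeholder
$StateDir = Join-Path $env:ProgramData 'BackupJob'               # hypothetical path
$Log      = Join-Path $StateDir 'backup.log'
$Baseline = Join-Path $StateDir 'acl-baseline.txt'

function Write-Log([string]$Message) {
    Add-Content -Path $Log -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

New-Item -ItemType Directory -Force -Path $StateDir | Out-Null
try {
    # 1. Give the volume its drive letter for this run only.
    if (-not (Test-Path "$Letter\")) {
        & mountvol.exe $Letter $Volume
        if ($LASTEXITCODE -ne 0) { throw "mountvol exited with $LASTEXITCODE" }
    }

    # 2. Compare the backup folder's ACL with the one saved on the first run,
    #    so an added account (as described in the first post) gets noticed.
    $target = "$Letter\WindowsImageBackup"
    if (Test-Path $target) {
        $sddl = (Get-Acl -Path $target).Sddl
        if (-not (Test-Path $Baseline)) {
            Set-Content -Path $Baseline -Value $sddl
        } elseif ((Get-Content -Path $Baseline -Raw).Trim() -ne $sddl) {
            Write-Log "WARNING: ACL on $target differs from baseline"
            & icacls.exe $target | Add-Content -Path $Log
        }
    }

    # 3. Run the image backup (command form quoted in the thread, without S:).
    & wbadmin.exe start backup "-backupTarget:$Letter" '-include:C:,D:' -allCritical -quiet
    Write-Log "wbadmin exited with $LASTEXITCODE"
}
catch {
    Write-Log "ERROR: $_"
}
finally {
    # 4. Always remove the mount point and dismount, even after a failure.
    & mountvol.exe $Letter /p
    Write-Log "dismount exited with $LASTEXITCODE"
}
```

Run from an elevated scheduled task, this keeps the weekly schedule while the volume has no drive letter for the rest of the week. A dismounted volume can still be remounted by anything running with administrator rights, so physically disconnecting the disk remains the stronger option.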