Anti-ransomware aggressive mode files backup issues


L1 Bithead

Hi to everyone.

 

We have the anti-ransomware feature set to "aggressive mode".

 

The aggressive mode files cause the backup software of PCs to fail, and there are thousands of "There was a general error processing this file. Please retry it and if the problem persists, contact your system administrator." issues per computer in the backup console.

 

Is there any way to avoid this without disabling the aggressive mode?

 

Has anyone experienced similar problems?

 

Best regards.

 

 

2 REPLIES

L4 Transporter

Hi @Edgar_Lapuerta,

 

Thanks for reaching out on LIVEcommunity.  I understand you're having issues with backing up in your environment with your ransomware feature set to "aggressive mode".


 

Please note that when Protection Mode is set to Aggressive you're greeted with this warning: "Aggressive Protection Mode may have an impact on applications in your environment and users may view decoy files that they would not see in Normal mode."  An important thing to remember is what ransomware activity looks like in the wild.  Threat Actors gain access and then attempt to exfiltrate data in numerous ways.  They often use legitimate software found in your environment to help them achieve their goal and remain unseen.  Most backup solutions tend to work in a similar way.  By transferring large amounts of data from several endpoints it's often hard to tell what is legitimate backup activity and what is data exfiltration.


For this particular issue I'd recommend reaching out to your backup vendor and asking for exceptions you can add to Cortex XDR to allow it to run.  If the vendor is unable to help, you can reach out to support and ask for a Support Exclusion.  I'd recommend either of these courses of action with one caveat.  If you add an exception for this software you may lose visibility if any threat actor is able to use the same software for data exfiltration.

 

I hope this information helps.  Please reach out if you have any other issues we may be able to help with and have a great day!

Hi Anlynch,

 

Thanks for your answer, but I think I didn't explain myself well.

 

The backup software is running OK, but it is struggling to back up the Cortex XDR decoy files.

 

There are many files in different folders that the backup software cannot copy to the cloud.

 


General backup is working OK, but logs are full of these errors and some backup clients crash from time to time.

 

Any suggestions?

 

Best regards.
