Hi @Edgar_Lapuerta,
Thanks for reaching out on LIVEcommunity. I understand you're having issues with backing up in your environment with your ransomware feature set to "aggressive mode".
Please not that when Protection Mode is set to Aggressive you're greeting this with warning "Aggressive Protection Mode may have an impact on applications in your environment and users may view decoy files that they would not see in Normal mode." An important things to remember is what ransomware activity looks like in the wild. Threat Actors gain access and then attempt to exfiltrate data in numerous ways. They often use legitimate software found in your environment to help them achieve their goal and remain unseen. Most backup solutions tend to work in a similiar way. By transferring large amounts of data from several endpoints it's often hard to tell what is legitimate backup activity and what is data exfiltration.
For this particular issue I'd recommend reaching out to you backup vendor and asking for exceptions you can add to Cortex XDR to allow it to run. If the vendor is unable to help you can reach out to support and ask for a Support Exclusion. I'd recommend either of these courses of action with one caveat. If you add an exception for this software you may lose visibility if any threat actor is able to use the same software for data exfiltration.
I hope this information helps. Please reach out if you have any other issues we may be able to help with and have a great day!
Hy Anlynch,
Thanks for your answer, but I think I didn't explain myself well.
The backup software is running OK, but it is struggling to backup the Cortex XDR decoy files.
There are many files in different folders that backup software can not copy to the cloud.
General backup is working OK, but logs are full of these errors and some backup clients crash from time to time.
Any suggestions?
Best regards.
