These settings are used to enable or disable CryptoSafeGuard, configure SMS notifications and manage the CryptoSafeGuard whitelist.
To configure CryptoSafeGuard in BackupAssist:
- Select BackupAssist’s Settings tab.
- Select CryptoSafeGuard.
- Make the required changes as outlined in the sections below.
Disabling and Enabling CryptoSafeGuard
Removing the tick from the box beside Enable CryptoSafeGuard protection will disable CryptoSafeGuard. Ticking this box will enable CryptoSafeGuard.
If CryptoSafeGuard is disabled, all jobs will be automatically unblocked if they are currently blocked due to a potential ransomware infection.
SMS notification tab
If you set up SMS notifications, SMS alerts will be sent when CryptoSafeGuard detects a possible ransomware infection.
To set up SMS notifications, simply enter the phone number that is to receive the notifications into this field using the standard international phone number format +<country code><mobile phone number>.
Use this optional field to enter an identifier or description for this machine. This is especially useful if you manage a lot of servers and need to know exactly what server the message came from.
Send Test SMS
The Send Test SMS button will become active once a phone number has been entered in the correct format. Click Send Test SMS and a test message will be sent to that phone.
If you respond to a CryptoSafeGuard alert by whitelisting files, directories or file extensions, you can review and change your whitelist using the Whitelist tab. You can also add entries without an alert, but it is recommended that you use the alert list to inform your whitelisting decisions. All whitelisted files, directories and file extensions are excluded from CryptoSafeGuard's scans.
Four fields are used to manage the whitelist and each is explained below. Any changes to the whitelist applies to all backup jobs.
Ignored File Extensions
This field is used to manage whitelisted file extensions. Selecting Edit will allow you to manually edit the extension. Use the Delete button to remove the selected file extension. To add an extension, click the + Add button, type the file extension into the field provided and click Add again. Do not enter multiple extensions as a single entry, and do NOT include periods or wildcard symbols. For example, you would enter txt not .txt or *.txt.
This field is used to add and manage whitelisted directories. All files within the directory and its subdirectories will be excluded from CryptoSafeGuard's scans. Selecting Edit will allow you to manually edit the directory and its path, or browse to and select a new directory. Use the Delete button to remove the selected directory. To add a directory, click the + Add button, browse to the directory and click Add again.
Ignored File Paths
This field is used to add and manage whitelisted files using the file's path and name. Selecting Edit will allow you to manually edit the file name and path, or browse to and select a file in a different location. Use the Delete button to remove the selected file from the list. To add a new file, click the + Add button, browse to the file, select it and click Add.
Ignored File Names
This field is used to add and manage whitelisted file names with no file path. This allows you to whitelist a file that can be in different locations. For example, you could whitelist a file that is stored in a user profile. Selecting Edit will allow you to manually edit the file name. Use the Delete button to remove the selected file name. To add a file name, click the + Add button, type the file name into the field provided and click Add again.
Note: It is important to only whitelist files that create, or are expected to create, false-positive responses when the scan runs.
CryptoSafeGuard's Shield is a feature that prevents ransomware from spreading to your backup destinations and CryptoSafeGuard's configuration files. The Shield is enabled by default and only allows BackupAssist processes and accounts to create, delete or modify data in these locations.
This tab allows you to disable the CryptoSafeGuard Shield, by deselecting the Enable Shield tick box. You can also disable the Shield just for the configuration files by deselecting the Protect BackupAssist configuration files tick box.
Deselecting Enable Shield will disable the CryptoSafeGuard Shield feature, which we do not recommend unless you are troubleshooting a problem and have consulted with BackupAssist Technical support.
Note: You will need to disable the Shield if you want to modify any configuration files and any data in the backup destination.
To learn more, see BackupAssist CryptoSafeGuard
Note: When your backup destination is a NAS or network share, it should be secured using best practice data security. This means only machines running BackupAssist and CryptoSafeGuard should have access to the folders that the backups are in, and those folders should only allow access to the Backup User Identity.