[Plugin] Ransomware Protection - Deprecated


Squid

Recommended Posts

9 hours ago, bobokun said:

So I uninstalled the plugin before forgetting to cleanup all the squidbait files. I'm trying to search for it in the community applications to install again so I can remove all the files/folders generated by the plugin but I can't seem to find it anymore. What's the best way to remove all these files/folders?

It should have automatically removed all of the files during the uninstall.

 

But, if (for whatever reason) you have files left over, you can just manually delete them.  Over the network, via Krusader, or at the command line.

Link to comment
  • 1 month later...
21 minutes ago, DZMM said:

I'm trying to install this on 6.5.2 but it's not showing up in CA (2018.09.01a)??

CA blocks new installs of it (because its been deprecated).  Only if you've previously had it installed will it allow you to reinstall.  It just doesn't work quite right under latter versions of unRaid.

  • Upvote 1
Link to comment
  • 4 months later...

@Squid After seeing it in your signature, I read through the first two pages of this thread, got all excited... then i found this:
 

On 9/11/2018 at 10:38 AM, Squid said:

CA blocks new installs of it (because its been deprecated).  Only if you've previously had it installed will it allow you to reinstall.  It just doesn't work quite right under latter versions of unRaid.

perhaps you could edit your signature to 
Others: Ransomware Protection (for older unraid very) or (deprecated) or (no new installs) or (legacy app)

p.s. Not trying to bash on you, just trying to save others from the allure of the oasis in the desert. hahaha 😉

Link to comment
3 minutes ago, nasforthemass said:

perhaps you could edit your signature to

Signatures are disabled by default on the forum software (unlike the previous forum software), so I and many many other users here can't be bothered to update them.

 

EDIT: done.  Removed the reference to Ransomware & Cleanup Appdata

Edited by Squid
  • Like 1
Link to comment
On 8/6/2018 at 8:57 AM, Squid said:

It should have automatically removed all of the files during the uninstall.

 

But, if (for whatever reason) you have files left over, you can just manually delete them.  Over the network, via Krusader, or at the command line.

Your tone implies this is a relatively straighforward step, but the thought of a hiccup leaving me with 700,000+ files to delete, strewn across hundreds of folders....is pretty intimidating.  Any suggestions to help ensure this doesn't happen?  Or some syntax to leisurely recover, if it does?

Link to comment
  • 10 months later...
  • 1 month later...

**For anyone that has a problem installing this to remove the files***

I have these .SquidBait files scattered all over my array.. what a mess!

 

find /mnt/user/* -name ".SquidBait*" -exec rm -fv {} \;

Bam no more :)

 

**Remove the -exec rm -fv {} \; part if you want to see their location to remove manually.

***Also, I just realized some are not hidden either so run that again using "Squidbait* without the dot "."

Edited by kilobit
updated command
Link to comment
  • 3 weeks later...
33 minutes ago, adoucette said:

Alas - I thought this was such a nice idea and a really nice implementation of it. Of course, doesn't stop all ransomware attacks, but certainly better than nothing! Really too bad this is now depreciated and there isn't an alternative. (or is there an alternative?)

Personally, I use windows defender and have added my server's shares to it's controlled folder access.  The attack vector is going to initiate via Windows / Mac (probably a Mac since they seem to think they're immune ;) ) so you're always best securing at the source 

 

Be pro-active rather than reactive...

Link to comment
  • 3 months later...

Personally I really liked the plugin. Even though it is clear that it does not provide 100% protection, and preventing ransomware in the first place is more important, I still felt that it provided an additional layer.

(seriously, we hear about a good number of malware designed to wait for a while and gather info about how to traverse any network locations available before launching an attack - so Unraid shares would be a target)

Wish it still worked, but had to disable it and uninstall as it stopped working for me a few Unraid versions ago.

Edited by adoucette
Link to comment
1 hour ago, adoucette said:

Personally I really liked the plugin. Even though it is clear that it does not provide 100% protection, and preventing ransomware in the first place is more important, I still felt that it provided an additional layer.

(seriously, we hear about a good number of malware designed to wait for a while and gather info about how to traverse any network locations available before launching an attack - so Unraid shares would be a target)

Wish it still worked, but had to disable it and uninstall as it stopped working for me a few Unraid versions ago.

Thanks for the info.  I figured any added layer of protection would be worth having.  

I didn't even think that it wouldn't work on newer versions of unraid.  Maybe @Squid can let us know if it'll still work.  

 

Link to comment
20 minutes ago, Squid said:

Or (assuming Windows), enable Ransomware Protection.  It will stop a program from rapidly changing multiple files, even to non-mapped network shares.

I've been trying to decide if i should uninstall norton (free with my isp) or keep it.  I cant run defender and norton at the same time.  

Link to comment
6 minutes ago, BRiT said:

Norton and Symantec are absolute trash. So many better alternatives out there. I still wouldn't use it when it was free from my ISP. But I understand the temptation to use what's free.

 

6 minutes ago, BRiT said:

Norton and Symantec are absolute trash. So many better alternatives out there. I still wouldn't use it when it was free from my ISP. But I understand the temptation to use what's free.

better off using windows defender?

Link to comment
  • 2 years later...

I know this thread is positively ancient, but I'm one of the apparently rare few still running this plugin on both my Unraid boxes running v6.11...and just testing it again now due to all the people saying it "doesn't quite work" low and behold modifying a single one of the bait files locked up my entire array, exactly as expected.

 

So as yet another person who really, really appreciated this plugin and was super bummed to see it go - was it ever explained what exactly "doesn't quite work right" with newer versions of Unraid?  I realize it's a reactive defense more so than proactive, but more than that it's a very realistic layer in a defense 'stack' so it's unfortunate seeing it gone.  Thanks!

Edited by d.ohlin
  • Thanks 1
  • Upvote 2
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.