You are unable to recover some files after a ransomware attack.
The file changes that take place between the most recent backup cycle and the ransomware attack are not recorded.
The VSS backup is taken once every three hours. Shortening the backup cycle causes storage limitations. Therefore, the file is reverted to the copy from the most recent backup cycle and the intermediate changes are lost.
You are unable to delete VSS snapshots from protected endpoints.
Anti-Ransomware's VSS snapshots are made tamper-proof and cannot be modified or erased.
This is an essential feature of Anti-Ransomware, necessary for a reliable backup in the event of a ransomware attack.
Deleted "sample files" placed at %USERPROFILE%/downloads/, %USERPROFILE%/documents/ are recreated. Why?
These files serve as trap files for ransomware detection.
These files act as a secondary detection layer. These files are set as trap files for detection of ransomware attacks and hence will be recreated. Therefore, these sample files are not to be deleted while Anti-Ransomware protection is active.
Why is 10% of the volume space occupied by VSS and is it possible to alter it?
Windows uses 10% of the disk volume space to store shadow copies, by default. When the 10% limit is met, the oldest shadow copy will be erased and replaced with a new one.
To protect the backups, the users are not allowed to alter shadow storage below 10%. If the shadow storage is below 10%, it is resized to 10%.
