# Frequently Asked Questions (FAQ) ## Specifications & Settings ### Which Windows versions do Anti-Ransomware and Next-Gen Antivirus support? They are currently available for the Windows OS versions as follows: Windows 11, Windows 10, Windows 8.1, Windows 8, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025 Datacenter Azure Edition, Windows Server 2025 Datacenter Edition (arm64), Windows Server 2025 Datacenter Edition, Windows Server 2025 Essentials Edition, and Windows Server 2025 Standard Edition. ### Is Anti-Ransomware supported in macOS and Linux? Anti-Ransomware currently supports only the Windows operating system. ### Does Endpoint Central's Malware Protection work even when the device is offline? Endpoint Central's Malware Protection offers offline native protection, allowing devices to be continuously monitored even when they are not connected to the network. This is possible since Malware Protection is not cloud dependent, and unlike traditional antivirus solutions, there is no need to update signature files on a regular basis. [Refer here](https://www.manageengine.com/products/desktop-central/help/edr/offline-protection.html) for more information. ### How frequently are Malware Protection definitions updated? Malware Protection definitions are updated on a weekly basis for behavior rules and on a monthly basis for the ML malware engine model. ## Next-Gen Antivirus ### How to generate first detection in Next-Gen Antivirus? To generate the first detection in NGAV, kindly follow the steps listed in this [page](https://www.manageengine.com/products/desktop-central/help/edr/malware-simulator.html). Also, navigate to the Settings tab and locate the "Notification Settings". Within this section, enable the "User Device Alert Notification" option to receive real-time notifications in the endpoints regarding security events. ## Anti-Ransomware ### How to test the functionality of Anti-Ransomware? Kindly follow the steps given on this [page](https://www.manageengine.com/products/desktop-central/help/edr/ransomware-simulator.html) to run the Ransomware Simulator. ### On what basis is the path of the bait files for the Decoy-file based protection in the endpoints defined? Decoy files protect endpoints against ransomware and add a layer of protection. A set of decoy files is present on all managed endpoints to serve as bait, and in the event of any suspicious activity, such as encryption of the decoy files, an immediate alert is issued, indicating a potential ransomware attack. Upon studying ransomware attacks, we have strategically placed these files in various folders across all managed endpoints. This proactive measure ensures that if the decoy files are encrypted, timely alerts are sent to the administrator for prompt response and mitigation. The bait files' names are "database.docx", "ME.txt", and "screenshoot.jpg". ### Are there any other detection methods besides Decoy-file based Detection? Decoy/Bait file based detection is one of the several detection methods used by Anti-Ransomware. The core engine of detection is the behavior-based ransomware motive detection along with four accuracy improvement patented layers. For more information, kindly refer to this [page](https://www.manageengine.com/products/desktop-central/help/edr/anti-ransomware.html). ### Can Anti-Ransomware protect against file-less attacks? File-less attacks are particularly difficult to detect since they leave little or no trace on the system. However, Anti-Ransomware's patented ML-assisted behavior detection technique makes it possible to detect file-less attacks on the network. ### Does Anti-Ransomware scan the endpoints periodically? No, Anti-Ransomware does not scan the systems periodically. Rather, it conducts a real-time analysis of the systems, continuously monitoring them in order to detect and report a ransomware attack as quickly as possible. ### How much network bandwidth is consumed by the Anti-Ransomware agent? The network bandwidth consumption of Anti-Ransomware is nil. This distinguishes Anti-Ransomware from other cloud-based EDR and Anti-Virus solutions because there is no need to often fetch signature database files, which cuts network traffic. ### How to prevent the user from stopping/killing the Anti-Ransomware agent? Anti-Ransomware employs anti-hook and anti-kill methods to keep users from killing the agent. ### How can the administrator stop the Anti-Ransomware agent? The administrator can stop the agent from the server console by disabling Anti-Ransomware. ### Why is the recovered file a 3 hour older version? [Microsoft's Volume Shadow Copy Service (VSS)](https://learn.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service) is utilized to obtain shadow copies of the data stored on your device, every three hours. As a rest, the recovered file is from the most recent backup cycle, which could be 3 hours old. ### Where is the data backup of Anti-Ransomware stored? The backup files are stored on the hard-disk of the endpoint itself. These files are protected by a patented tamper-proof technology. ### How much disk space does the Anti-Ransomware's VSS backup use? By default, 10% of the disk space is used by the Windows VSS Service for backup functions. ### What happens if there is insufficient disk space for the VSS backups? When the Shadow Storage reaches its capacity, the oldest shadow copy will be deleted to accommodate the new one and optimize storage usage. ### Will Anti-Ransomware conflict with other VSS-based applications? No major conflicts are expected. It is designed to coexist with other VSS-based applications, including backup solutions. The only enforced restriction is that other applications cannot reduce the VSS storage allocation below 10% on protected volumes. ### How to restore files encrypted by ransomware when Anti-Ransomware has not raised any alerts? The files encrypted by ransomware can be restored as long as backup is available, even if the incident was not raised as an alert.