1

I'm currently thinking about a proper defense strategy against ransomware. As a result of this I would like to myself (a standard local user, not an admin) with write access to as many locations as possible, including the backup target location if possible.
Part of this are of course the regular backups. I know that I can use duplicati, run as service / scheduled task to backup everything as admin or SYSTEM. Now I prefer Window's built-in File History feature because of the convenience.

Does the Windows File History feature honor NTFS access restrictions when doing a backup?
 Or formulated differently: Does the backup function also backup the current restrictions and as which user does it try to access the backup target location?

Improve this question
4
  • You do understand part of what ransomware will do is just delete the file history right? The proper protection against ransomware is to have an offline backup of your data.
    – Ramhound
    Commented Mar 3, 2016 at 12:27
  • @Ramhound, I do understand this and that's why I'm asking. I want to better understand how File History interoperates with the Windows security system and whether I can safely block myself from write (+ delete access?) for the target location and still enjoy having regular updates. Of course I do also take additional measures against ransomware (like latest OS, latest AV, frequent off-line backups (via File History) and frequent off-site backups (with duplicati))
    – SEJPM
    Commented Mar 3, 2016 at 13:16
  • If you have write access to your file history to create it malware can wipe it. File history alone is not enough to be consider a backup, it's a "oops I made a mistake" type backup
    – Ramhound
    Commented Mar 3, 2016 at 13:38
  • @Ramhound, that's kinda of my question, does Windows use SYSTEM, the logged in user, "Administrator" or the local service account for File History? Depending on what is used I can adapt my access restrictions, but beforehand it wuld be nice to know. And BTW thank you for the clarification that Windows' File History isn't designed to be a full backup tool. I always thought that.
    – SEJPM
    Commented Mar 3, 2016 at 15:32

1 Answer 1

Reset to default
1

The File History Service which is responsible for the File History runs as local system but to copy the files for various different users, it impersonates each user, so it is actually using the user's permissions to write/copy the files.

So File History is not a defence against Ransomware.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .