Does Windows 10 File History protect against crypto malware?

Is the saved data generated by Windows 10's File History feature isolated from users and administrators? I'm asking this after reading of the recent crypto attack against OS X machines, where Time Machine backups were safe because the files are only accessible to a special user, and even with access to the drive the malware wasn't able to encrypt Time Machine's data store.

I was wondering if Windows 10's feature provides similar protection. There is a similar question to this but the answers simply suggest different backup strategies and don't actually answer the question.

Note: I realize that the most secure solution involves backing up to drives that are physically disconnected; there's no need to suggest that. I'm only looking for a specific answer to this question.


Solution 1:

Not with the newer variants of the common ransomware schemes. One of the first things they'll do is trash the backup copies of files before encrypting the primary ones.

If your key is not available using the above methods, the only methods you have of restoring your files are from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. More information about how to restore your files via Shadow Volume Copies can be found in this section below.

It appears the method used by the malware to disable the history feature (shadow copies, internally) isn't always successful, but it's hardly worth relying on.

Considering there is malware running with permissions to touch every file on your computer, you really can't trust any of your computer's defense mechanisms to stop the process once it's been activated. The only sure way to avoid these problems is to not execute the malware in the first place.
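The shadow-copy deletion described in the answer above is something defenders can watch for in process-creation logs. The following is an added example, not part of the original answer: it flags command lines that delete Volume Shadow Copies with the built-in `vssadmin` or `wmic` tools. The event records, field names, hosts and users are constructed for illustration.

```python
import re

# Patterns for the two built-in Windows tools that can delete Volume Shadow
# Copies. Case-insensitive; tolerate a full path, ".exe" and extra spaces.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\"?\s+.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\"?\s+.*\bshadowcopy\s+.*\bdelete\b", re.I),
]

# Constructed sample events (hosts, users and times are made up), shaped
# like process-creation records with the full command line captured.
SAMPLE_EVENTS = [
    {"time": "2016-03-10T09:14:02", "host": "WS-01", "user": "alice",
     "cmd": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"time": "2016-03-10T09:15:40", "host": "WS-01", "user": "alice",
     "cmd": r"vssadmin.exe Delete Shadows /All /Quiet"},
    {"time": "2016-03-10T09:15:41", "host": "WS-01", "user": "alice",
     "cmd": r"C:\Windows\System32\wbem\WMIC.exe shadowcopy delete"},
    {"time": "2016-03-10T09:20:13", "host": "WS-02", "user": "bob",
     "cmd": r"notepad.exe C:\Users\bob\how to delete shadows.txt"},
    {"time": "2016-03-10T09:31:55", "host": "WS-03", "user": "carol",
     "cmd": r'"C:\Windows\System32\vssadmin.exe" delete shadows /for=C:'},
]

def is_shadow_copy_deletion(command_line):
    """True if the command line deletes shadow copies via vssadmin or wmic."""
    return any(p.search(command_line) for p in SHADOW_DELETE_PATTERNS)

def find_alerts(events):
    """Return the events whose command line deletes shadow copies."""
    return [e for e in events if is_shadow_copy_deletion(e.get("cmd", ""))]

def first_seen_by_host(alerts):
    """Map each alerting host to (earliest alert time, alert count)."""
    summary = {}
    for e in alerts:
        first, count = summary.get(e["host"], (e["time"], 0))
        # ISO 8601 timestamps compare correctly as plain strings.
        summary[e["host"]] = (min(first, e["time"]), count + 1)
    return summary

if __name__ == "__main__":
    for host, (first, count) in first_seen_by_host(find_alerts(SAMPLE_EVENTS)).items():
        print(f"{host}: {count} shadow-copy deletion command(s), first at {first}")
```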