Kaspersky
Question

System Watcher Rollback & Nueshield Data Sentinel

  • 12 June 2020
  • 6 replies
  • 73 views

Userlevel 2
Badge

Windows 10 Pro 1909 - Security Cloud Free 20.0.14

Could you please clarify what the rollback element of System Watcher is designed for?

Will it ‘restore’ altered system files, only encrypted personal files or both after a ransomware attack?

Is it designed to handle only a small number of files ‘missed’ before the ransomware could be blocked, or is it capable of handling a far larger number of files? Are files restored from a ‘cache’ and are there any file size limits other than available hard drive space? Is file rollback protection applicable to files on any connected drive or only the C drive?

I ask because I’m considering NeuShield Data Sentinel as a companion to Security Cloud Free. Data Sentinel doesn’t block ransomware but creates an overlay ‘above’ each file that the ransomware encrypts instead, permitting the original file to be restored. I wasn’t sure whether this might conflict with System Watcher, provide an additional level of protection, or be a waste of effort!

 

Thanks for any Thoughts


6 replies

Userlevel 7
Badge +8

Hello @Thoughts,

Welcome!

Thank you:pray_tone3:

Flood:whale:

Resources:

Kaspersky Security Cloud System Watcher

Kaspersky Security Cloud System Watcher settings

Kaspersky Security Cloud, limitations of System Watcher functionality

Kaspersky Security Cloud, Application activity log

Userlevel 2
Badge

Thank you for the information. So I assume Data Sentinel and other software NOT on that list are simply ‘untested’ in relation to compatibility with Security Cloud Free? You only have list of software that does NOT work. There is not a list, of related software, that is know to safely work alongside Security Cloud Free?

You stated System Watcher settings cannot be modified if using Kaspersky Security Cloud Free.

I was aware in older versions of Security Cloud Free the controls were greyed out. But in the latest version I’m using, all System Watcher settings are green as normal and switchable. Are you saying the switches move but do nothing, or were you simply copying text from replies relating to older software? In the System Watcher settings page I was able to alter the key combination, used to close screen lockers, so those settings appear to operate correctly.

Userlevel 7
Badge +8

Hello @Thoughts,

You’re welcome:slight_smile: !

  • Re “There’s not a list, of related software, that is know to safely work alongside Security Cloud Free?

No.

  • Re “You stated System Watcher settings cannot be modified if using Kaspersky Security Cloud Free”.

You cannot modify System Watcher settings if you are using Kaspersky Security Cloud Free.

 

 

  •  Were you simply copying text from replies relating to older software? 

No. 


If you’ve found otherwise, it’s possible Kaspersky’s documentation (Latest update: 2019 Jul 18 ID: 14689) is out dated, wouldn't be the first time:thinking:

Thank you:pray_tone3:

Flood:whale:

Userlevel 2
Badge

Thank you for a very swift response!

Attached are two screenshots from my System Watcher settings page. As you’ll see the settings are available and in the second screen shot I temporarily changed the Automatic Exploit Prevention option from its default automatic setting to the Block action option. The screen locker key combination can also be set up with a different F key and Kaspersky responds as expected to the new combination..

First image default, second image modified setting.

As an aside are you aware of any software for testing ransomware protection and specifically the rollback element of System Watcher? Without it being actual ransomware! Neushield has their own software that can encrypt a folder to test out its file restoration operation and I wasn’t sure whether such software existed to test out Kasperky’s rollback feature.

Final question if I may, any drop in protection in changing full scan to scan new and modified files only?

 

Thank you again.

Userlevel 7
Badge +8

Hello @Thoughts,

You’re very welcome:relaxed: !

As per our previous reply, if you’ve found otherwise, it’s possible Kaspersky’s documentation is out dated

  • Re “Are you aware of any software for testing ransomware protection and specifically the rollback element of System Watcher?

No.

  • Re “Any drop in protection in changing full scan to scan new and modified files only?”

Kaspersky recommends performing a Full scan after installing any Kaspersky software, beyond that, select settings to suit your requirements; personally, we’ve never experienced any drop in protection using “scan new and modified files only”. 


Additional tip - in all Kaspersky software, selecting the question mark, at the top righthand corner of every GUI window, opens a browser to the Help documentation, specific to window being queried

 

 

Thank you:pray_tone3:

Flood:whale:

Userlevel 2
Badge

Thank you once again.

Reply / Ответить