How ransomware protection works in Bitdefender 2017
Bitdefender 2017 gives you powerful protection against the growing threat of ransomware, a type of malicious attack that encrypts and denies access to your most precious files, such as family photos and important text documents, and demands ransom for their release.
Whenever any suspicious pattern of activity emerges on an endpoint, samples are sent to Bitdefender cloud. The sample is automatically analyzed in the cloud and if it’s found to be ransomware, a signature is generated and pushed in less than 30 minutes.
After the signatures gets pushed, propagation takes approximately 3 hours to get on all endpoints via product update.
To minimize the propagation windows, a similarity hash will be calculated for locally executed files and compared to the cloud. If there’s a match with a sample that’s already been tagged as ransomware, but has not yet been delivered to endpoints via update, it will automatically be blocked from executing. This will offer the best minimum reaction time.
Folders that are protected by default (both user and public):
- Cloud storage folders (for most popular online storage) - Dropbox, Box, OneDrive, Google Drive
NOTE: Custom folders can be protected only for current users. System and applicationfiles cannot be added to exceptions.
By default, Bitdefender allows all programs that are digitally signed to bring changes to the folders protected by Ransomware Protection. This is why you are able to modify the protected folders. More about what digitally signed software is can be found here.
Executables that are trying to modify the content of a folder protected by Ransomware Protection and do not have a digital signature are always blocked and can be found under Blocked applications from View Modules -> Ransomware Protection. If you trust such a program and you want it to be able to access the protected folders you can whitelist it from the Blocked applications list and it will then populate the Trusted applications list.
How to configure Trusted applications list:
In order to disable ransomware protection for specific applications, you have to be careful to add only the apps you actually trust.
To add trusted applications to exclusions, follow these steps:
1. Click the Protection icon on the Bitdefender interface.
2. Click on the View modules button.
3. Under the Ransomware Protection module, select Trusted applications.
4. Click Add and browse to the applications you want to un-block
5. Click OK to add the selected application to the list.
NOTE: If your application is blocked and you want to unblock it, just go to the Blocked applications list, select your application and then select Allow. The application will automatically be moved in the Trusted applications list.