Closed jakemm closed 6 years ago
Same issue here. *.one needs to be removed from the list.
Add to SkipList.txt or in your deployment scripts add to the end:
filescrn.exe filegroup modify /filegroup:"CryptoBlocker1" /Nonmembers:".one" filescrn.exe filegroup modify /filegroup:"CryptoBlocker2" /Nonmembers:".one" filescrn.exe filegroup modify /filegroup:"CryptoBlocker3" /Nonmembers:".one" filescrn.exe filegroup modify /filegroup:"CryptoBlocker4" /Nonmembers:".one" filescrn.exe filegroup modify /filegroup:"CryptoBlocker5" /Nonmembers:"*.one"
Workaround for Powershell :
Set-FsrmFileGroup -name "Anti-Ransomeware File Groups" -ExcludePattern @("*.one")
@ruudmens That is a workaround not a solution. *.one is a false positive and should be removed from the default list.
@jakemm agreed, it should be fixed. Comment was intended as workaround ;)
I don't agree that it should be removed. .one is used by viruses as well as OneNote. Part of the script allows for exclusions as a feature, This feature should be used on a deployment by deployment basis to exclude what each company wants to exclude.
What if a real product started using another extension, such as .coin. Should that then get removed from the list all because a software application started to use?
What about the companies that use other products besides OneNote, Should they be vulnerable?
@JustinCochran Are you kidding me? Might as well add .txt and .docx as well...
This has already been discussed in previous issues. We will not be removing *.one from the list. A SkipList feature was built specifically for this purpose. If you choose not to use it, that is your decision, but we will not be removing it from our list.
*.one is included in the list of extensions. This is the extension used by Microsoft OneNote.