nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

*.One File Extension #24

Closed jakemm closed 6 years ago

jakemm commented 7 years ago

*.one is included in the list of extensions. This is the extension used by Microsoft OneNote.

ruudmens commented 6 years ago

Same issue here. *.one needs to be removed from the list.

Gaz1986 commented 6 years ago

Add to SkipList.txt or in your deployment scripts add to the end:

filescrn.exe filegroup modify /filegroup:"CryptoBlocker1" /Nonmembers:"*.one"
filescrn.exe filegroup modify /filegroup:"CryptoBlocker2" /Nonmembers:"*.one"
filescrn.exe filegroup modify /filegroup:"CryptoBlocker3" /Nonmembers:"*.one"
filescrn.exe filegroup modify /filegroup:"CryptoBlocker4" /Nonmembers:"*.one"
filescrn.exe filegroup modify /filegroup:"CryptoBlocker5" /Nonmembers:"*.one"

ruudmens commented 6 years ago

Workaround for PowerShell:

Set-FsrmFileGroup -name "Anti-Ransomeware File Groups" -ExcludePattern @("*.one")
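
Added example (not part of the original thread or the CryptoBlocker project's code): the two workarounds above, generalized to every matching FSRM file group while keeping exclusions that are already configured. The `CryptoBlocker*` name pattern is an assumption taken from the group names in the filescrn.exe commands; adjust it to your deployment.

```powershell
# Added example: merge exclusions into every matching FSRM file group.
# Assumption: group names start with "CryptoBlocker" (CryptoBlocker1..N).
param(
    [string]$GroupNameLike = 'CryptoBlocker*',
    [string[]]$Exclude = @('*.one')
)

Import-Module FileServerResourceManager -ErrorAction Stop

$groups = Get-FsrmFileGroup | Where-Object { $_.Name -like $GroupNameLike }
if (-not $groups) {
    Write-Warning "No FSRM file group matches '$GroupNameLike'."
    return
}

foreach ($group in $groups) {
    # Existing exclusions, with null/empty entries dropped.
    $current = @($group.ExcludePattern | Where-Object { $_ })

    # Only the requested patterns that are not excluded yet (case-insensitive).
    $missing = @($Exclude | Where-Object { $current -notcontains $_ })
    if ($missing.Count -eq 0) {
        Write-Verbose "$($group.Name): nothing to add."
        continue
    }

    # -ExcludePattern sets the whole list, so pass old and new patterns together;
    # passing only the new ones would drop exclusions configured earlier.
    $merged = $current + $missing
    Set-FsrmFileGroup -Name $group.Name -ExcludePattern $merged

    # Emit one record per changed group so the change can be reviewed or logged.
    [pscustomobject]@{
        Group          = $group.Name
        Added          = $missing -join ', '
        ExcludePattern = $merged -join ', '
    }
}
```

If the deployment script rebuilds the file groups on each run, the exclusions must be applied again after every run.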

jakemm commented 6 years ago

@ruudmens That is a workaround, not a solution. *.one is a false positive and should be removed from the default list.

ruudmens commented 6 years ago

@jakemm agreed, it should be fixed. Comment was intended as workaround ;)

JustinCochran commented 6 years ago

I don't agree that it should be removed. .one is used by viruses as well as OneNote. Part of the script allows for exclusions as a feature. This feature should be used on a deployment-by-deployment basis to exclude what each company wants to exclude.

What if a real product started using another extension, such as .coin? Should that then get removed from the list, all because a software application started to use it?

What about the companies that use other products besides OneNote? Should they be vulnerable?

jakemm commented 6 years ago

@JustinCochran Are you kidding me? Might as well add .txt and .docx as well...

nexxai commented 6 years ago

This has already been discussed in previous issues. We will not be removing *.one from the list. A SkipList feature was built specifically for this purpose. If you choose not to use it, that is your decision, but we will not be removing it from our list.