SentinelOne adds feature to restore files hit by ransomware

Discussion in 'other anti-malware software' started by ronjor, Nov 18, 2015.

  1. ronjor

    ronjor Global Moderator

  2. itman

    itman Registered Member

    The rollback feature leverages built-in capabilities in Microsoft's Windows and Apple's OS X. Both operating systems take snapshots of files on a computer. In Windows, it's known as Volume Shadow Copy Service and on OS X as journaling.

    The technologies are used for restoring systems. The snapshots of the files are kept in a secure area and wouldn't be affected by ransomware if it infected a machine, Gemmell said. SentinelOne is also adding some anti-tampering defenses to make sure the snapshots aren't affected.

    From the above, it is obvious the author has no idea how ransomware, i.e. CryptoLocker variants, works. Most will execute one of the following commands, depending on the delivery method used, to delete all volume shadow copies:

    C:\Windows\syswow64\vssadmin.exe Delete Shadows /All /Quiet
    C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet
    C:\Windows\syswow64\vssadmin.exe vssadmin.exe Delete Shadows /All /Quiet
    C:\Windows\System32\vssadmin.exe vssadmin.exe Delete Shadows /All /Quiet
    Any anti-exec or HIPS can monitor those commands. Or, just rename vssadmin.exe as bleepingcomputer.com recommends here: http://www.bleepingcomputer.com/news/security/why-everyone-should-disable-vssadmin-exe-now/
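Detection logic for the shadow-copy deletion command lines listed above, as an added example that is not from this thread or from SentinelOne: it scans process-creation log lines (the log format and the sample lines are constructed assumptions) and flags any vssadmin invocation whose arguments are "Delete Shadows", tolerating the doubled "vssadmin.exe" form, quoting, case and extra whitespace.

```python
from dataclasses import dataclass

# Constructed sample process-creation log (hypothetical format:
# "<pid> <parent image> | <command line>"); not captured from a real host.
SAMPLE_LOG = r"""
4120 C:\Windows\explorer.exe | C:\Windows\System32\notepad.exe notes.txt
4188 C:\Users\u\AppData\Local\Temp\inv0ice.exe | C:\Windows\syswow64\vssadmin.exe Delete Shadows /All /Quiet
4190 C:\Users\u\AppData\Local\Temp\inv0ice.exe | C:\Windows\System32\vssadmin.exe vssadmin.exe Delete Shadows /All /Quiet
4200 C:\Windows\System32\cmd.exe | C:\Windows\System32\vssadmin.exe List Shadows
4210 C:\Windows\System32\cmd.exe | "C:\Windows\System32\VSSADMIN.EXE"   delete   shadows /all /quiet
"""


@dataclass
class Alert:
    pid: int
    parent: str   # image that spawned vssadmin; useful triage context
    cmdline: str


def is_shadow_deletion(cmdline: str) -> bool:
    """True if the command line runs vssadmin with 'Delete Shadows'."""
    tokens = [t.strip('"').lower() for t in cmdline.split()]
    if not tokens:
        return False
    image = tokens[0].rsplit("\\", 1)[-1]          # basename of the executable
    if image not in ("vssadmin", "vssadmin.exe"):
        return False
    # Some droppers repeat the image name as the first argument (see the
    # thread's third and fourth command lines); ignore that token.
    args = [t for t in tokens[1:] if t not in ("vssadmin", "vssadmin.exe")]
    return len(args) >= 2 and args[0] == "delete" and args[1] == "shadows"


def scan_log(log_text: str) -> list[Alert]:
    """Return one Alert per log line whose command line deletes shadow copies."""
    alerts = []
    for line in log_text.splitlines():
        if " | " not in line:
            continue                                  # skip blank/malformed lines
        head, cmdline = line.split(" | ", 1)
        pid, parent = head.split(" ", 1)
        if is_shadow_deletion(cmdline):
            alerts.append(Alert(int(pid), parent, cmdline))
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"ALERT pid={a.pid} parent={a.parent}: {a.cmdline}")
```

The parent image is kept in each alert because vssadmin launched from a Temp-directory executable is far more suspicious than the same command typed by an administrator from cmd.exe.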
     
  3. Peter2150

    Peter2150 Global Moderator

    This is an enterprise solution. They don't disclose price so it's probably out of the home user range.

    Pete
     
  4. ropchain

    ropchain Registered Member

    They don't even have a public trial version to assess SentinelOne. ;-)
     
  5. Rasheed187

    Rasheed187 Registered Member

    LOL, lately you have been on fire, thanks for the interesting posts.
     
  6. Rasheed187

    Rasheed187 Registered Member

  7. NormanF

    NormanF Registered Member

    They probably put System Restore and Shadow Copies in an encrypted folder.

    Ransomware can only infect what it can see. Even if it encrypts all your files, your Restore snapshots and stored data are still unaffected.

    So in theory, you can go back in time before you were infected. You just will lose more recent work unless you already backed it up before the ransomware hijacked your system.

    SentinelOne offers an interesting approach to thwarting a zero day threat.
     