In the event of a ransomware attack, backups can be a life saver – or, more accurately, a data saver. But what if your backups get deleted or encrypted? This has become a standard tactic in ransomware attacks and it can leave you without any way to recover your files – except for paying the ransom, that is, but nobody wants to be forced to do that. This is where our new Rollback feature comes into play. You can think of it as a bacon-saving backup for your backups.
Rollback is a feature of the Endpoint Detection and Response (EDR) component of Emsisoft Enterprise Security, and here’s how it works. If a potential incident is identified by MITRE rules, a backup of any files which are altered during that incident will be automatically created, enabling you to easily and quickly revert the system to the prior state in the event of unwanted changes. The backups are not Volume Shadow Copy snapshots – which ransomware can also delete – and are safely stored in a secure vault which cannot be deleted or encrypted.
If you need to revert a system to a previous state, simply go to the Incidents panel in your workspace, select the incident and click the ‘Remediate’ button. If Rollback is available for that incident, the “Remediation” dialog will provide the required options to undo whatever changes the untrusted program made.
We should say here that our products are specifically designed to stop ransomware in its tracks, long before it can encrypt your files, and this means you’ll almost certainly never need to use Rollback. We’ve developed the feature simply as a safety net that provides you with an additional recovery option in the very – very – unlikely event that an attack succeeds.
Some important points:
- Rollback is not enabled by default. To enable it, go to the protection policies section of your workspace, select a group policy, navigate to the ‘EDR’ section, and change the Rollback setting to “On.”
- The feature may have some impact on system performance, so you may wish to enable it only on high-priority systems.
- Only untrusted programs trigger the creation of backups. Programs from trusted vendors that have been properly digitally signed do not.
- Rollbacks can only be initiated via your workspace/MyEmsisoft, and not via the desktop app.
We’re also introducing a new Remediation History feature. Accessed via the Incidents panel, it’s a scrollable log which shows all remediation actions that were taken on all devices in your workspace in relation to any specified threat. The feature makes it easy for you to see exactly what actions were taken in response to any particular incident.
All enhancements and improvements in a nutshell
Device protection (desktop)
- Improvements to the Behavior Blocker
- Several other minor tweaks and fixes
Management console (web app)
- Rollback functionality
- Remediation history
- Several other minor tweaks and fixes
How to obtain the new version
So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.
Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.