Configure Ransomware Rollback in Malwarebytes Nebula
The steps in this article use the new policies experience on the Policies page.
If you have the new policies experience disabled, locate these policy settings by referring to Malwarebytes Nebula policy with new experience disabled.
Ransomware rollback settings
Locate the Ransomware Rollback settings within your policy
- Go to Settings > Policies.
- Click New, or choose an existing policy.
- Choose the Endpoint Detection & Response tab.
- Find Ransomware Rollback to see the settings for each operating system.
Ransomware rollback
This tool helps you recover from ransomware. It restores encrypted or damaged files from your local backups. These are the options available:
- Ransomware Rollback: Turns Ransomware Rollback on or off.
Advanced settings
Ransomware Rollback can be enabled in advanced settings.
These are the options available in this section:
- Timeframe for rolling back: Determines how long Malwarebytes stores information within the cache. The cache stores changes made within the specified time period, so a longer timeframe increases the cache size on endpoints. The default value is 48 hours.
- Rollback free disk space quota: Sets the maximum amount of disk space that can be used for file backups. The default is 30 percent, and you can change it to a value between 10% and 70%. This setting applies to all endpoints in the policy.
- File size for workstation rollback: Limits the size of files that can be saved to the cache. Files larger than the maximum file size are not backed up. Increasing the file size increases the cache size on each server and endpoint.
Notes:
- To ensure sufficient space, we recommend monitoring the disk space on hard drives that are used as backup locations.
- To prevent problems with the operating system, each endpoint can use a maximum of 30% of its disk space. The actual amount depends on the disk space available. If the hard drive's capacity decreases, the backup folder automatically resizes to keep the same percentage and deletes the oldest files to make room.
- Ransomware Rollback can only be configured by Super Administrators or Administrators. Rollback settings may be viewed by other users who have policy access.
Rollback can be used to correct an endpoint
Ransomware Rollback can be managed from the Suspicious Activity Monitoring screen. Go to Suspicious Activity.
You can take immediate action on each threat.
Click the ellipsis symbol in the Actions column to choose an action to take immediately or to close the incident.