How to Configure Snapshot Modes (Critical Path and SMB share snapshots) and Snapshot Quotas

• Overview
• Requirements
• Considerations
• Configuration Snapshot Modes and Snapshot Quota

Overview

This feature allows SMB user share snapshots to be disabled.  This would be used when ACL security is used and most shares use everyone full control permissions allowing all users to have access to all shares.  In this configuration, a lot of snapshots can be created for a single user detection.   The other use case allows targeting snapshots on specific critical paths in the file system when any user detection occurs and disabling SMB share level snapshots.   In addition snapshot quota allows specifying a limit on the number of snapshots that Ransomware Defender can create.  

Requirements

1. Release 2.5.8 or later

Considerations

1. If user share snapshot mode is disabled , this also disables the event action menu create snapshot manual action on events.

Configuration Snapshot Modes and Snapshot Quota

1. Click the tab Snapshots
   1. unClick Enable Share Snapshots to disable snapshots applied to user SMB shares detected by AD group permissions
   2. Click Enable Critical Path Snapshots and then the + sign to add path to the list of paths that will have a snapshot applied on each and ever detection event.   The snapshot will be created even if the user does not have access to this path.   Use this option to protect application data or any critical data on the cluster.  Add paths as needed.
   3. Change the snapshot quota value to a higher or lower number to set the limit.   Once the snapshot limit is reached no more snapshots will be created until snapshots expiry which allows snapshots to be taken again up to the limit.   Default snapshot expiry is 48 hours.
   4. NOTE: both share snapshot and critical path can be enabled independently.
   5. NOTE: Always click submit after making changes.
   6.