-Best / Most secure way is to create backup on next addinonal disk and is not connected every day (just only for create next one backup or using to rollback system, your important data)
-Next important fact is your runing system which are under asking symbol "?" what's that mean or just what i want to tell you...
I mean if your system is confiused by some kind of virus and you want rollback system, Better dont do it from your current infected system (or in teory cleaned after infection)
Becasue you can harm your backup files by exsit virus which can still work on your system...
That why i prefer use standalone bootable system which comes with most of backup producents.
......
If are not fan of plug in/out every time harddisk or pendrive for "offline" backup and you wanna just make it from curent system to another space which work all time together with your system,
becasue you wanna to be more "elastic" use more friendly config, your data will be always under risk more than before..
And you will need software which put resctricion for improve security your data..
The best way will be use software which block read/write acess by unknow proces or such other manniers like this in system.
So you will put "SRP" Software Restriction Policies
I prefer software: AppGuard, Sandboxie-(Sandboxie is isolator"Sandbox" but he also come with advanced mode and with good/specific config he can also do it) Smart Object Blocker, WinAntiRAnsom (WinAntiRAnsom it is yet fresh project but in near time can be rly important program which improve your rest security on the system)
AV is typical scanner which come with partial blocker which moslty base on knew virus.
Unfortunly AV cant handle on time all fresh virus figured on network. That why you need more advaned programs which give you back control on your runing process/system.
HIPS or oprograms which work, use similar module based on HIPS technology (Host Intrusion Prevention System)
Program will monitor all runing process and not only and will ask you for block or allow which software what wanna to do.
In this sytuation you can block virus on 1st try taking action to harm your system.
Anti-EXE similar like HIPS also monitor action like HIPS but montor base only on monitoring process exe and not monitor aswell deep like typical HIPS. but also nice to have it.
Firewall will give you control on your network and you will be able to break connection with specific proces to prevent leak or harmd your data depend on infection.
Mostly good firewall come together with hips
I can offer you OutpostFirwall, SpyShelterFW (you can buy also standalone HIPS with out FW)
NVT ExeRadar Pro - awesome anti-exe security software i rly recomend it.
