Serious Discussion Ransomware Protection - Do You Actually Trust "Rollback" Features in Paid AVs?

In late 2025, how much do you trust paid AV "ransomware rollback" features?

  • Fully trust – I rely on it as my last line of defense (Norton/Bitdefender/McAfee)

  • Somewhat trust – it’s a nice bonus, but I still have offline backups

  • Don’t trust at all – ransomware deletes shadows first, rollback is marketing fluff

  • Never needed it – my AV (or Defender) blocks encryption before it starts

  • I don’t pay for AV – Defender + OneDrive versioning + my own backups is enough

  • I pay for AV specifically for rollback and it HAS saved me this year

  • Rollback failed me once – now I only trust proper offline/air-gapped backups


Haha, the *real* zero-day is... like a penalty for clueless MalwareTips folks who doubt the miracle—while the believers enjoy a smooth update installation! 😊
You’re going to get the “believer’s” answer from me… but it’s not about Comodo, it’s about backups. 😉

About rolling back 2TB of data
Rollback features (like Kaspersky’s System Watcher) are not designed to be a full backup for massive data sets:

  • They usually track changes for a limited time window and only for files that were touched during the suspicious activity.
  • They keep data in special storage that can’t realistically hold terabytes of versions.
  • They work best for system files and common user folders, and only if the threat is detected quickly, before too much damage is done.

So for something like 2TB of photos, music, documents etc. – especially on other partitions or drives – you should assume:

  • Rollback might save some files, but it will not reliably save everything.
  • If ransomware (or anything similar) runs long enough, a lot of that data could be gone.

“Will ransomware encrypt all drives?”
Behavior varies by family, but from a safety standpoint you should plan for the worst case:

  • Anything that is online and accessible with write permission (internal drives, external USB, mapped network drives) can potentially be encrypted.
  • That’s why leaving a backup drive permanently connected is risky.

What actually protects irreplaceable data
Your instinct to rely on other backup systems is absolutely right. For critical data like yours:

  • Keep at least one offline backup (external drive that’s disconnected most of the time).
  • Use versioned backups (so if encrypted files get synced, you can roll back to earlier clean versions).
  • Optionally, separate system imaging (for C:\ and Windows) from data backups (for your 2TB archive).

Rollback is a nice extra safety net and fun to test (like the sudo experiment), but for irreplaceable data, your real “miracle” is still a solid backup strategy.
 
Congratulations, you're now a Comodo believer—so secure—even malware sends you a friend request out of respect! 😊
If malware sends me a friend request, I’ll:
  • let Comodo auto-contain it,
  • have Kaspersky watch it suspiciously,
  • and then restore everything from backups… just in case.

Call me a Comodo believer if you want – but I’m still a backup fundamentalist. 😄
 
Me neither so far: My 4 external backup drives are actually in a fireproof safe I 'rescued' from a UK nationalized company that closed. It's not that big but got backups & most important papers in it. I do have an external drive on my PC desk that's not plugged in unless I do day-to-day backups, & a couple of USB drives (belt & braces).
 
You're now officially a Comodo believer and part of my squad... I promise, no more jokes—time to secure the laughs for non-believers! 😊
Haha, alright rashmi – if I'm in the Comodo squad now, does that mean I get a badge? 😄 I'll wear it proudly, but only if it comes with a backup drive attached.

Seriously though, glad to hear you're keeping those externals safe and offline most of the time – that's smart belt-and-braces thinking. Stay secure out there!
 
I believe in having a strong AV to whack and stop the ransomware before it creates havoc in my system.

STOP THE RANSOMWARE instead of relying on rollback. Proaction is better than reaction.

Alternatively, you can use a dedicated anti-ransomware to do the job.
 