Ransomware Prevention Question Windows Servers 2019-2022
We have pretty much moved all clients to Capture Client due to everything I heard about it and SentinelOne and how well it has worked to prevent ransomware. I don't seem to be able to get a straight answer anywhere on whether this feature should be and can safely be enabled for file servers. My biggest concern is to do all we can to protect against ransomware attacks.
I have the rollback feature enabled on all endpoints but not servers yet. VSS is enabled and set to automatic on all desktops. So what, if anything, should/could be done safely when it comes to servers? What about app servers where you can be running SQL, or servers with 10-100TB? I am unclear on what is included in the rollback and if it could blow up servers or Domain Controllers.
Does anyone have any experience or SOLID/accurate info on this?
Secondly - I have concerns with the problems I have seen with the client where it often requires manual removal on endpoints 3.7.4-3.7.9 where you need to boot in safe mode. I have never booted a prod server, Domain Controller/app servers or otherwise to safe mode and have concerns with running Capture on some Windows servers for this reason. What is the general consensus and experience/issues encountered with how challenging it could be to uninstall broken Capture Client agents from Windows servers?