Anti-Ransomware Files

Starting from version E88.50 and later, the Anti-Ransomware creates the honeypot files in these folders:

• Drive root (C:\ , D:\ , Etc)

• C:\Users\Public\Music

• C:\Users\<User>\Music (MyMusic)

• C:\Users\Public\Documents

• C:\Users\<User>\Documents (MyDocuments)

• C:\Users\Public\Videos

• C:\Users\<User>\Videos (MyVideos)

• C:\Users\Public\Pictures

• C:\Users\<User>\Pictures (MyPictures)

• C:\Program Files (x86)

• C:\ProgramData

• C:\Users\<User>\AppData\Roaming

• C:\Users\<User>\AppData\Local

For versions prior to E88.50, the Anti-Ransomware creates the honeypot files in these folders:

• C:\Users\Public\Music

• C:\Users\<User>\Music (MyMusic)

• C:\Users\Public\Documents

• C:\Users\<User>\Documents (MyDocuments)

• C:\Users\Public\Videos

• C:\Users\<User>\Videos (MyVideos)

• C:\Users\Public\Pictures

• C:\Users\<User>\Pictures (MyPictures)

• C:\Program Files (x86)

• C:\ProgramData

• C:\Users\<User>\AppData\Roaming

• C:\Users\<User>\AppData\Local

Starting with version E88.41 and later, folders with restricted access are identified by a lock icon next to the folder name.

For example:

For versions prior to E88.41, folders with restricted access are identified by a lock icon next to the folder name.

For example:

The file names include these strings, or similar:

• CP

• CheckPoint

• Check Point

• Check-Point

• Sandblast Agent

• Sandblast Zero-Day

• Endpoint