EPDR Decoy Files

Hi All - First post so go easy on me

We're currently using EPDR within our RDS environment (with UPD Disks) and cuurently have a challenge with how the decoy files are used, we could just turn the setting off but need to understand how badly that screws up ransomware protection.

What we're seeing is that when the users log off their UPD profile is not fully released as the “!TDR.bin” and “ΩTDR.bin” folders are located in c:\users\userprofile which happens to be redirected to a UPD. When the user then comes to log back in they either are logged in with a temp profile, or they will be logged in with c:\users\userprofile.001 .002 etc, and eventually this starts causing issues with outlook and Mimecast etc, and eventually it will start impacting disk space issues.

Has anyone else experienced this or found a work around? We cant seem to find anything in watchguard cloud to help with this other than turn it off which we're reluctant to do that.

Any help would be appreciated


  • Options
    David_CarroDavid_Carro WatchGuard Representative

    PM sent.
    Please check your PM inbox

    Have a lovely day,


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

Sign In to comment.