EPDR Decoy Files
Hi All - First post so go easy on me
We're currently using EPDR within our RDS environment (with UPD Disks) and cuurently have a challenge with how the decoy files are used, we could just turn the setting off but need to understand how badly that screws up ransomware protection.
What we're seeing is that when the users log off their UPD profile is not fully released as the “!TDR.bin” and “ΩTDR.bin” folders are located in c:\users\userprofile which happens to be redirected to a UPD. When the user then comes to log back in they either are logged in with a temp profile, or they will be logged in with c:\users\userprofile.001 .002 etc, and eventually this starts causing issues with outlook and Mimecast etc, and eventually it will start impacting disk space issues.
Has anyone else experienced this or found a work around? We cant seem to find anything in watchguard cloud to help with this other than turn it off which we're reluctant to do that.
Any help would be appreciated