I am a total newbie with Cryptomator. I saw the vault is created in the OneDrive folder, and this vault is plain open files. Can I somehow protect at least those root files in the vault, for example:
planting some ransomware canaries there to detect a possible ransomware attack; I mean, existing files will not be changed, I’d just add some.
making those essential vault files read-only or hidden; I mean, do those files in the root folder of the vault change later? Can Cryptomator read them if they are hidden?
The only way to protect your files from unwanted change, damage or deletion is to have a solid backup strategy. I’d like to recommend a 3-2-1 Backup strategy.
Please keep in mind that Cryptomator is not a backup solution. It does encrypt. That’s it.
If you are hiding files via the OS from the logged-in user, then Cryptomator cannot read them (like any other app can’t). I am not aware that you can “unhide” files for dedicated apps instead of users.
Assuming you are using Windows 11, there is a Windows feature called “Controlled Folder Access”. This is supposed to assist against ransomware. It is disabled by default. Once enabled and your folder included in the settings, it may offer some protection.
Best to search the internet and have a read about the feature to see if it is suitable for your needs. I personally find it a bit cumbersome but it is still OK.
Otherwise, as Michael pointed out, have a good backup strategy so you can restore all your files (not just the Cryptomator vault) in case of a ransomware attack.
Thank you both for the answers! I am exploring the option @maccra mentioned, “Controlled Folder Access”, and added Cryptomator.exe under allowed/exceptions to modify files in the secure vault.
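The Controlled Folder Access setup discussed in the posts above, written with the Windows Defender PowerShell cmdlets as an added example (it is not part of the original thread). The function name and its parameters are hypothetical; supply your own vault folder and Cryptomator.exe paths and run it from an elevated PowerShell session.

```powershell
# Added example: protect a vault folder with Controlled Folder Access (CFA).
# Protect-VaultFolder and its parameters are hypothetical names for this sketch.
function Protect-VaultFolder {
    param(
        [Parameter(Mandatory)][string]$VaultDir,   # folder that holds the encrypted vault
        [Parameter(Mandatory)][string]$AppPath,    # full path to Cryptomator.exe
        [ValidateSet('Enabled', 'AuditMode')]
        [string]$Mode = 'AuditMode'                # AuditMode logs only, Enabled blocks
    )

    # Refuse to register paths that do not exist (typos would silently protect nothing).
    foreach ($p in $VaultDir, $AppPath) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Path not found: $p" }
    }

    # CFA is disabled by default; switch it on in the requested mode.
    Set-MpPreference -EnableControlledFolderAccess $Mode

    # Add-MpPreference appends to the existing lists instead of replacing them.
    Add-MpPreference -ControlledFolderAccessProtectedFolders $VaultDir
    Add-MpPreference -ControlledFolderAccessAllowedApplications $AppPath

    # Read the settings back so the result can be checked, not assumed.
    $pref = Get-MpPreference
    [pscustomobject]@{
        Mode            = $pref.EnableControlledFolderAccess   # 0 = disabled, 1 = enabled, 2 = audit
        FolderProtected = $pref.ControlledFolderAccessProtectedFolders -contains $VaultDir
        AppAllowed      = $pref.ControlledFolderAccessAllowedApplications -contains $AppPath
    }
}

# Recent CFA events: 1123 = write blocked, 1124 = write would have been blocked (audit).
# Reviewing these shows which other programs still need an allow entry.
function Get-CfaEvents {
    param([int]$Max = 20)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage (edit both paths first):
#   Protect-VaultFolder -VaultDir 'D:\path\to\vault' -AppPath 'C:\path\to\Cryptomator.exe'
#   Get-CfaEvents
```

Starting in `AuditMode` and reading the 1124 events for a few days shows which programs touch the vault folder before switching to `Enabled`.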
I haven’t tried this yet, but what if you created a new local user account and then assigned ownership of the encrypted file directory of the vault to that user ID and then also have Cryptomator run as that user? That way the currently logged-in user will have no access to those files but the software will. That should protect you from ransomware, I think, correct?
You still need to have a solid backup plan. I do both file backups and image backups. I do my image backups not every day but when I’m about to install something new or upgrade or install Windows. Otherwise, every few days to a week. That way if something goes wrong with a Windows update I can roll it back. If I am going to upgrade Joplin software I do an image backup first. My software does full backups and differential backups, and so in this particular case I would do a differential backup. It doesn’t take that long when you do them frequently and you’re going from SSD to SSD.