Remove Ransomware detection from VA

Remove the early Ransomware detection feature in the Cristie VA

Cristie Software have applied technologies to provide advanced file anomaly detection, which can take place within the system recovery and replication process to help combat Ransomware.

This can be disabled if not required within the environemnt. For full details of the technology, please see:

To disable the feature go to:

Options / Discovery settings

Set the ‘Ransomware Scan Interval’ setting to ‘0’ (zero)

Once disabled, the feature is disabled and the icons in the GUI relevent to ransomware detection are removed.

Disabling Ransomware can also be done in the VA terminal via putty.

Log into the VA over ssh
Run the below command

sed -i ‘s/^.ransomware_watchdog.$/# &/’ /usr/sbin/discovery_service

Restart the VA services


(restarting the services will stop all processes in the VA, including replications, updates, deployments etc.)

Supported in version 4.8 of the Cristie VA.