We got burned by CryptoWall and wonder about some things. We had backups so not a big deal, but another way would have been previous versions on the server. The infection was on a laptop that encrypted files on the server that had mapped shares.
When I looked at previous versions on the server (2011 SBS server), there were none on the D drive - the data drive. Checking the settings, I saw that the C drive previous versions was configured, but drive D was disabled.
Someone else set up this server.
Being that the malware wasn't running on the D drive, it wouldn't have been able to disable previous versions, right?
When setting up a 2011 SBS / 2012R2 Essentials box and making a C and D drive, the C drive previous versions is on by default, right?
But what about D? You have to remember to manually configure that?
Which goes to the question - do you just make a single large C drive for data and OS? That's my thinking but more expert people here disagree? Along with wondering if C is too big / too small for the OS, here's another reason to just make a single drive?
And settings for previous versions - do you set a maximum amount of space or limit the amount available? Might as well give all the space? Something like CryptoWall changing all files would need lots of space for previous versions?