FSRM is a server role that can be used to protect network shares from crypto-variant viruses from encrypting files to your server.
Once an infection has been identified by FSRM, a notification email can be sent for further investigation.
The filename patterns used are obtained from ā https://fsrm.experiant.ca
This website already provides a link for a PowerShell script that installs the FSRM role, and downloads the required filename patterns.
I decided to not use the provided PowerShell script, and Iām using the simplified script below instead.
After manually installing the FSRM role I ran the following PowerShell script to create the required file screening group.
new-FsrmFileGroup -name "Anti-Ransomware File Groups" -IncludePattern @((Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/combined").content | convertfrom-json | % {$_.filters})
Once the file group “Anti-Ransomware File Groups” has been imported, a file screen can be manually created for a server drive or individual folders.
To update the file group change new-FsrmFileGroup to set-FsrmFileGroup in the PowerShell script.