Anti-Ransomware File System Resource Manager Lists

FSRM is a server role that can be used to protect network shares from crypto-variant viruses from encrypting files to your server.

Once an infection has been identified by FSRM, a notification email can be sent for further investigation.

The filename patterns used are obtained from ā€“ https://fsrm.experiant.ca

This website already provides a link for a PowerShell script that installs the FSRM role, and downloads the required filename patterns.

I decided to not use the provided PowerShell script, and Iā€™m using the simplified script below instead.

After manually installing the FSRM role I ran the following PowerShell script to create the required file screening group.

new-FsrmFileGroup -name "Anti-Ransomware File Groups" -IncludePattern @((Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/combined").content | convertfrom-json | % {$_.filters})

Once the file group “Anti-Ransomware File Groups” has been imported, a file screen can be manually created for a server drive or individual folders.

To update the file group change new-FsrmFileGroup to set-FsrmFileGroup in the PowerShell script.