Defense+ alert on file extension change

I think the addition of a checkbox in the Defense+ settings stating something like: “Alert on file extension change” would be beneficial and could even stop some of those ransomware that encrypt user files and change/add an additional extension to the original one. It would be a great addition to CIS 6 when it comes out :slight_smile:
Maybe Defense+ could know the difference between the user changing it or some program doing it, or use the whitelist to allow known programs such changes…I’m not familiar with the technical limitations/possibilities but I think you get the idea.

What do you guys think?

This can be great idea, but on the other side with lots of problems in It.

  1. It will be annoying when manually changing extensions - maybe it can be solved by adding some sensor detecting that It’s user modification and don’t ask.
  2. When some malware will change user extensions It will just spam user with tons of popups as It massively change every file extension on disk. - Will have to get checkbox 'Take selected action (Block/Allow) for every file extension modification in … 20 minutes for example)

But with some improvements and smart make It can be great addition. :-TU

Well, Defense+ has the checkbox “Remember my answer” so you won’t get annoyed with constant popups, it’s the same as always just with this extra thing that Defense+ should look out for.

As for an user manually changing the extension, I don’t think that happens often so 1 click on allow and it’s solved or if you plan to change a lot of them, for whatever reason, you can go to options and uncheck the box or check Remember my answer (if it’s going to put explorer.exe as the process causing it) :slight_smile: