WSL1 Ignoring Ransomware Protection on Win10 (20H2)?

Video Link: https://www.youtube.com/watch?v=jLFWS5xUC8w



Duration: 1:17


Demonstration that Ransomware Protection in Win10 (20H2) will prevent certain WSL1 commands, such as "bash", from writing to a file in a protected folder; however, it does not prevent the "mv" command from moving the file. Both actions trigger events stating that the operation has been blocked, yet the "mv" command is still able to successfully move the file.

Some supporting files showing screenshots of the block events in the Windows Security area and exports of the events from the Windows Defender Event Log: https://pileofgarbage.net/weirdsl/

Music: Pretender by ClashTone, from the Divergence II LP (EATBRAINLP009) compilation released on Eatbrain. https://youtu.be/J0wll3H9Gc8


Edit: further investigation has revealed the issue only affects WSL1 and not WSL2, which works differently.
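
One way to check whether a "blocked" event was actually enforced, as an added example that is not part of the video or its supporting files: snapshot the protected folder before and after, then report every path named in a block event that changed or disappeared anyway. The folder contents and the list of blocked paths are constructed, and `shutil.move` stands in for the move described above.

```python
import hashlib
import os
import shutil
import tempfile


def snapshot(root):
    """Map relative path -> SHA-256 digest for every file under root."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = digest
    return state


def unenforced_blocks(before, after, blocked_paths):
    """Return (path, outcome) for blocked paths whose state changed anyway."""
    findings = []
    for path in blocked_paths:
        if path not in before:
            continue  # no baseline for this path, nothing to compare
        if path not in after:
            findings.append((path, "missing"))
        elif after[path] != before[path]:
            findings.append((path, "modified"))
    return findings


def demo():
    """Constructed scenario: two block events, only one of them enforced."""
    with tempfile.TemporaryDirectory() as protected, \
            tempfile.TemporaryDirectory() as elsewhere:
        for name in ("a.txt", "b.txt"):
            with open(os.path.join(protected, name), "w") as fh:
                fh.write("original\n")
        before = snapshot(protected)
        # a.txt: the write was really stopped, so the file is untouched.
        # b.txt: the move went through despite the block event.
        shutil.move(os.path.join(protected, "b.txt"), elsewhere)
        after = snapshot(protected)
        # Constructed list of paths named in the two block events.
        return unenforced_blocks(before, after, ["a.txt", "b.txt"])


if __name__ == "__main__":
    print(demo())
```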