ARP triggers Snapshot during large scale data copy operations despite disabled detection parameters
Applies to
- ONTAP 9
- Autonomous Ransomware Protection (ARP)
Issue
- ARP creates autonomous protection Snapshots during large scale data migration.
- Detection parameters disabled with the following settings:
-based-on-high-entropy-data-rate-based-on-file-create-rate-based-on-file-rename-rate-based-on-file-delete-rate
- Snapshot creation continues after parameter disablement.
- No new or unknown file extensions detected.
- Large write activity with robocopy assumed to trigger ARP.