I want to use a MyCloud device as an FTP server and a SafePoint target for other WD devices. In particular, I don’t want Windows to be able to see any of the shares on the device. I do want Windows to access shares on other WD NAS devices so I don’t want to disable the support in Windows. Is there any way to do this? I think I’m asking how to disable SMB/CIFS in MyCloud and just have FTP (and maybe SSH) available. Or would that also disable SafePoint processing?
Officially? No there is no way to make the My Cloud “hidden” from Windows. Unofficially there are probably a variety of ways, starting with probably stopping the Samba/SMB service via SSH.
However by stopping Samba/SMB and other services in an effort to “hide” the My Cloud from Windows you run the risk of hiding it from other My Cloud devices as well when attempting to run Safepoint / Backup on those other My Cloud devices.
So SafePoint processing uses SMB? I was afraid that might be the case.
Okay. Idea #2. (I really don’t know enough about Samba to tell if this is a dumb.) Windows can see drive and all the shares on it. But suppose they are all private shares and no Windows user has the credentials for those shares. That makes the data in the share immune from randomware running on Windows, doesn’t it? (I’m paranoid. I believe ransomware can encrypt a password-protected file on Windows because it has physical access to the file. But it doesn’t have physical access to the shares on a NAS drive. So I’m safe. Right?)
I don’t know if Safepoint uses Samba or some other method to browse the local network to find other computers or NAS devices to access, but I assume it may. The point being attempting to do what you are seeking may cause problems with with other computers being able to find the My Cloud and for that My Cloud to search for other computers so it can perform a Safepoint backup.
Please see the following threads where the possible issue of ransomware attacking the My Cloud has been previously discussed.
https://community.wd.com/t/ransomware-got-to-my-wd-mycloud-drive/158848
https://community.wd.com/t/ransomware-access-to-usb-device/157709
Generally if your computer can access the NAS device (or other network device/computer) then the ransomware can too. Keep in mind that most users when accessing a Private Share on the My Cloud will instruct their computer to remember the My Cloud User name and password. Once that happens (the computer storing the login information) the ransomware will have access to the My Cloud Private Share.
One particular problem (and something that we’ve complained about often) is the fact that while you can set most Shares to Private you CANNOT set the Public Share (in part used by Twonky apparently for media aggregation) to Private. As such there is always at least one Share open to anyone who can access the My Cloud. Use the forum search feature to find discussion on how people have tried to change the main Public Share to either Private or hidden. Here is one such thread.
https://community.wd.com/t/howto-get-rid-of-public-shares-folder-once-and-for-all/96570
The better way to deal with ransomware is to NOT let it infect your PC in the first place. There are a variety of steps one can take to improve their online habits including not opening spam or questionable email files, using ad blocking web browser plug-ins, using other browser plug-ins like No Script, not visiting pornographic or click-bait type sites.
When having a disaster recovery procedure while the My Cloud is a good solution for storage of backed up files, it is also wise to have your important data routinely backed up to external USB hard drives that are NOT always connected to the PC (or My Cloud). This way if one is hit by ransomware it cannot make the jump to the USB drive’s data unless that drive is attached to an infected computer or device.
