Sounds like a good idea, indeed. However the infection indicators that you've mentioned do not seem reliable yet:This feature request is to not open a connection to the backup repository if an infection is suspected.
Large Windows Update, or deduplication, or defragmentation would make you to manually approve each backup session even if there was no infection.* Incremental backup changes by >50%
AFAIK the encrypted text will be larger than the original one in 99,9% of cases (assuming that the malware is really intended to get some ransom). We need to do some research to develop a reliable list of indicators in order to avoid false-positives.* 10 or more Microsoft Office documents reduce in size (assuming encryption reduces file size)
Users browsing this forum: Yahoo [Bot] and 12 guests