Large number of entries with appid='ransomware_detection' in table oc_preferences

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face: is for home/non-enterprise users. If you’re running a business, paid support can be accessed via where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5): 24.0.5
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.54
PHP version (eg, 7.4): 8.1.7
Database: PostgreSQL 14.5

The issue you are facing:

I was having some performance issues and during analysis stumbled upon table oc_preferences, because it pooped up as the table with the most reads in the database. The table has 466932 entries and most of them have value ‘ransomware_detection’ (464846).

I have the app ransomware_protection active, but from the description of the app, it does not seem to be related to actual entries in oc_preferences (deactivating the app does also not remove the entries from the table).

Is this the first time you’ve seen this error? (Y/N):

Steps to replicate it:

  1. SELECT count(*) FROM public.oc_preferences where appid=‘ransomware_detection’;
  2. SELECT count(*) FROM public.oc_preferences;

Does anybody know what these entries are for? What would be the implication of removing them from the table (table would shrink to 1% of its current size, which would certainly help with the frequent SQL statement “SELECT “appid”, “configkey”, “configvalue” FROM “oc_preferences” WHERE “userid” = $1” I’m seeing. Have been searching a lot, but did not find anything in this direction.

Thanks a lot in advance!

Update: most likely these entries are related to the Ransomware Recovery app, which technically is (was) called Ransomware Detection (Ransomware recovery - Apps - App Store - Nextcloud).

As mentioned by the developer, this app should not be used anymore and should be deleted, which I did. I guess these entries in oc_preferences were left behind after removal. Will remove them manually after making a backup and see if I can find any negative effect.

Update: a week has gone by and have not noticed any negative effect. Access times to the table oc_preferences are much better.