By default NeuShield protects the OneDrive or Google Drive data that is cached locally on the device. When ransomware infects a device, it attempts to encrypt the data. Any of the data that is cached on the local device is already protected by NeuShield's Mirror Shielding technology, allowing users to revert that locally cached data. Once the local cache is reverted, it will be synced up to the cloud automatically by the OneDrive app or the Google Drive app.
OneDrive and Google Drive can also be configured to store data in the cloud and only download the data as needed, using a feature such as "Files on Demand". In this case, the local file is deflated (removed of all data) and is just kept as a placeholder on the local device. If ransomware tries to encrypt this data, the OneDrive or Google Drive app will automatically download the data from the cloud when the ransomware attempts to encrypt it. At that point, NeuShield protects the data after it is downloaded but before the ransomware can encrypt it. This way, even though the data is not stored on the endpoint, it can be reverted by NeuShield.