Wait, I just happened to think - if the UrBackup administrator takes an IMAGE of the target computer, then that image would include BOTH the encrypted and unencrypted areas of Cryptomator.
Also, realize that UrBackup runs with administrator privileges when it accesses the client computer. So in theory, UrBackup could be hacked to do anything it wants on the target client computer. Including working around your attempts at encryption.
And another thing to think about, and realize when I mention this is is not to disparage the UrBackup developers. But in general, an application developer (say, for UrBackup) is NOT a security expert. So it is pretty common for their software to have security holes, often times major ones. UrBackup’s developers are probably quite adept at programming backup and networking functions. But my guess is that for the security aspects of the software, they learned some things on the fly, and probably took off the shelf security suites and whatever and threw those together for their end result. When it comes to security, it is NOT enough to grab existing solid packages and cobble them together. It’s the cobbling together where you are really prone to screwing up. This sounds like I’m picking on and being harsh on the UrBackup developers. Nothing could be farther from the truth. I am speaking in general terms about application developers.
You should ponder this: If you can’t trust your UrBackup administrator and feel you must encrypt because of them, maybe UrBackup is not what you should be using. In order to use UrBackup, you basically give the UrBackup server (and it’s administrator) the keys to your castle.