Backup

In this section, SVM refers to an SVM with the File Threat Protection component installed.

Backup is a special storage for backup copies of files that are deleted or modified during disinfection.

A backup copy of a file is a copy of a virtual machine file that is created when this file is disinfected or removed. Backup copies of files are stored in Backup in a special format and pose no danger.

When Kaspersky Security detects an infected file on a virtual machine, it blocks the virtual machine user from accessing this file and moves a copy of the file to Backup. The application then subjects the file to the action that is configured in the protection profile of this virtual machine. For example, it disinfects or deletes the file. 

Sometimes it is not possible to maintain the integrity of files during disinfection. If the disinfected file contained information that becomes fully or partially unavailable after disinfection, you can save the file from the backup copy to the hard drive of a computer on which Kaspersky Security Center Administration Console is installed.

Backup is located on the SVM with the File Threat Protection component installed. Use of Backup is enabled by default on each SVM.

When an SVM with the File Threat Protection component is removed or updated, copies of files that were placed in Backup are automatically deleted.

The size of Backup on an SVM is 1 GB. If the total size of backup copies of files in Backup exceeds this value, Kaspersky Security removes the oldest backup copies of files to keep the size of Backup under 1 GB.

The default maximum storage period for backup copies of files in Backup is 30 days. After this time, Kaspersky Security automatically deletes backup copies of files from Backup.

You can change the maximum storage term for backup copies of files. Backup settings are specified in the policy settings.

The Kaspersky Security Center Administration Console lets you manage backup copies of files stored in Backup on SVMs. The Kaspersky Security Center Administration Console displays a combined list of backup copies of files that Kaspersky Security placed in Backup on each SVM with the File Threat Protection component installed.

To prevent deletion of backup copies of files when deleting or updating SVMs, you can configure the use of network data storage for SVMs. If the use of network data storage is enabled, backup copies of files with each SVM are saved in a separate folder in the network data storage. An SVM connects to the storage every 10 minutes for data synchronization. If backup copies on an SVM were deleted automatically as a result of deletion or update of the SVM, they will be automatically restored. If you manually deleted backup copies of files on an SVM, these copies are also deleted from the folder in the network data storage. The term for storing backup copies of files in network data storage is determined by the Backup settings on SVMs.

To use network data storage, you need to create a network folder for hosting the network data storage and a user account for connecting SVMs. The amount of space necessary for the network data storage can be estimated based on the following formula: (N+1) GB, where N is the number of SVMs that connect to the network data storage.

You need to make sure that the amount of space allocated for network data storage is sufficient for storing backup copies of files. Kaspersky Security does not monitor the availability of free space in your network data storage and does not notify you if backup copies of files cannot be stored. It is recommended to use third-party tools to monitor the available space in the network folder.

You can configure the use of network data storage for SVMs during installation of the application (procedure for registering Kaspersky Security services) or by using the Kaspersky Security reconfiguration procedure.

Configuring Backup settings

To configure Backup settings on SVM:

1. In the Kaspersky Security Center Administration Console, open the properties of the policy that determines the SVM operation settings:
   1. In the console tree, select the folder or administration group in which the policy was created.
   2. In the workspace, select the Policies tab.
   3. Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
2. In policy properties window, select the Backup section.
3. In the right part of the window, specify the following settings:
   • Move files to backup

     

     Enables / disables the use of Backup on SVMs with the File Threat Protection component installed.

     If this check box is selected, Kaspersky Security moves a backup copy of a file to Backup before disinfecting or deleting it.

     If this check box is cleared, Kaspersky Security does not save a backup copy of a file in Backup before disinfecting or deleting it.

     This check box is set by default.

     If you used Backup before clearing this check box, backup copies of files previously moved to Backup remain in Backup. Such backup copies of files are deleted depending on the value of the Store files no longer than N days setting.

   • Store files no longer than N days

     

     Duration of storage of backup copies of files in Backup. After this time, Kaspersky Security automatically deletes backup copies of files from Backup.

     You can specify a value in the range of 1 to 365 in this field. The default value is 30 days.

     If you reduce the default storage period for backup copies of files, Kaspersky Security removes from Backup those copies of files that have been stored longer than the newly configured storage period.

4. In the Properties: <Policy name> window, click OK.

Managing backup copies of files

You can manage backup copies of files as follows:

• View the list of backup copies of files.
• Save files from backup copies to the hard drive of a computer with the Administration Console of Kaspersky Security Center installed.
• Delete backup copies of files from Backup.

Viewing the list of backup copies of files

To view the list of backup copies of files,

Select the Backup folder in the Additional → Storages folder of the Kaspersky Security Center Administration Console.

The workspace displays a list of backup copies of files that have been moved to Backups on all SVMs.

The list of backup copies of files appears in the form of a table. Each table row contains an event that involves an infected file and information about the type of threat that was detected in the file.

The table columns show the following details:

• Device. The name and path to the virtual machine on which the file was detected.
• Name. File name.
• Status. The status that Kaspersky Security assigned to the detected file after processing: Deleted, Disinfected.
• Action being performed. The action that is currently being taken on this backup copy of the file in Backup. For example, if you have made a command to delete the backup copy of a file, this column displays Being deleted. If the application is not taking any actions on this backup copy of the file, the field remains blank.
• Date of placement. The date and time when the backup copy of the file was moved to Backup.
• Object. The name of the object detected in the file. If multiple threats have been detected in the file, each threat appears in a separate row in the list of backup copies of files.
• Size. File size, in bytes.
• Restoration folder. Complete path to the original file on the virtual machine.
• Description. Name of the virtual machine and complete path to the original file whose backup copy has been placed in Backup.

Saving files from Backup to disk

You can save files from Backup to the hard drive of a computer that has the Administration Console of Kaspersky Security Center installed.

To save the file from Backup to disk:

1. In the Kaspersky Security Center Administration Console, in the Additional → Storages folder, select the Backup folder.

   The workspace displays a list of backup copies of files that have been moved to Backups on all SVMs.

2. In the list of backup copies of files, select the file you want to save to disk.
3. Do one of the following:
   • Right-click to open the context menu and select Save to disk.
   • Save the file by clicking the Save to disk link. The link is located on the right of the list of backup copies of files, in the workspace for managing the selected file.

     A window opens, prompting you to select a folder on the hard drive to save the selected file.

4. Select a folder on the hard drive of the computer to which you want to save the file.
5. Click OK.

Kaspersky Security saves the specified file to the hard drive of a computer that has the Administration Console of Kaspersky Security Center installed.

The files are saved to the hard drive of a computer with the Administration Console of Kaspersky Security Center installed, in non-encrypted format.

Deleting backup copies of files

To delete backup copies of files:

1. In the Kaspersky Security Center Administration Console, in the Additional → Storages folder, select the Backup folder.

   The workspace displays a list of backup copies of files that have been moved to Backups on all SVMs.

2. In the list of backup copies of files, select the files you want to delete. Use the CTRL and SHIFT keys to select multiple files.
3. Do one of the following:
   • Right-click to display the context menu and select Delete.
   • Delete files by clicking the Delete objects link. The link is located on the right of the list of backup copies of files, in the workspace for managing the selected files.

Kaspersky Security deletes backup copies of files from Backups on SVMs. To refresh the list of backup copies of files and check it for changes, click the Refresh link.

It takes some time to refresh the list of backup copies of files. Wait for the list to be refreshed.