Description
Backup Exec 20.4 has introduced a feature called “Ransomware Resilience”. This feature is useful for providing an extra layer of security to disk storage hosted on a Media Server, by ensuring that only the write requests originating from a trusted source are completed. All other write operations to the folder that hosts the Backup Exec disk storage, originating from a source, which is not trusted are blocked.
The following types of disk storage are protected:
- Disk Storage hosted on a fixed disk on the Media Server.
- Deduplication Storage Folder hosted on a fixed disk attached to the Media Server.
- RDX device attached to the Media Server with limited support.
- Disk Storage created on a network share hosted on a remote network device with limited support.
This feature is not applicable to other removable devices, such as tape storage.
Limitations:
- The protection is limited to the folder, where the disk storage is hosted and does not apply to the entire disk.
- For disk Storage hosted on RDX device, GRT data is written to the root of the volume and hence not protected from write operation. The Non-GRT data is written to a sub-directory on the RDX device and hence protected from being written by unauthorized processes.
- Disk storage created on a Network share, which is hosted on a network attached storage has limited protection. Protection of such data is the responsibility of the machine hosting the device. Backup Exec allows only write protection that originate from the Media Server hosting the network share as disk storage. If the network share is accessed from another server with Backup Exec not installed, the data is not protected.
- In CAS environment, if a disk storage hosted on fixed disk attached to Managed Backup Exec server or Central Administration Server is also shared with another Media server, write protection is available against all the writes originating from any server. However, this protection is not available if the disk storage is hosted on a Media Server with Windows 2008 Operating System.
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.