ACRONIS Cyber Protection Service 23.03 User manual

Cyber Protection
23.03
Revision: 3/23/2023
User Guide
acronis.com
Table of contents
Supported Cyber Protect features by operating system 19
Activating the account 26
Password requirements 26
Two-factor authentication 26
What if... 27
Accessing the Cyber Protection service 29
The Cyber Protection console 30
Multitenancy support 33
Using the Cyber Protection console as a partner administrator 34
Cyber Protection console – partner level view 35
Alerts tab 35
Activities tab 36
Devices tab 36
Software management tab 37
Software requirements 38
Supported web browsers 38
Supported operating systems and environments 38
Agent for Windows 38
Agent for SQL, Agent for Active Directory, Agent for Exchange (for database backup and application-aware backup) 39
Agent for Data Loss Prevention 39
Agent for Advanced Data Loss Prevention 40
Agent for File Sync & Share 40
Agent for Exchange (for mailbox backup) 40
Agent for Microsoft 365 40
Agent for Oracle 41
Agent for MySQL/MariaDB 41
Agent for Linux 41
Agent for Mac 42
Agent for VMware (Virtual Appliance) 42
Agent for VMware (Windows) 42
Agent for Hyper-V 43
Agent for Virtuozzo 43
Agent for Virtuozzo Hybrid Infrastructure 43
Agent for Scale Computing HC3 43
2 © Acronis International GmbH, 2003-2023
Agent for oVirt 43
Agent for Synology 43
Cyber Protect Monitor 43
Supported Microsoft SQL Server versions 44
Supported Microsoft Exchange Server versions 44
Supported Microsoft SharePoint versions 44
Supported Oracle Database versions 44
Supported SAP HANA versions 45
Supported MySQL versions 45
Supported MariaDB versions 45
Supported virtualization platforms 45
Limitations 50
Compatibility with encryption software 51
Common installation rule 52
The way of using Secure Zone 52
Common backup rule 52
Software-specific recovery procedures 52
Supported file systems 54
Data Deduplication 56
Installing the software 57
Which agent do I need? 57
System requirements for agents 59
Preparation 60
Step 1 60
Step 2 60
Step 3 60
Step 4 61
Step 5 61
Step 6 62
Linux packages 63
Are the required packages already installed? 63
Installing the packages from the repository 64
Installing the packages manually 65
Proxy server settings 66
In Windows 66
In Linux 68
In macOS 69
In bootable media 70
Installing protection agents 70
Downloading protection agents 70
Installing protection agents in Windows 70
Installing protection agents in Linux 72
Installing protection agents in macOS 75
Granting the required system permissions to the Connect Agent 76
Changing the logon account on Windows machines 77
Dynamic installation and uninstallation of components 79
Unattended installation or uninstallation 80
Unattended installation or uninstallation in Windows 80
Unattended installation or uninstallation in Linux 86
Unattended installation and uninstallation in macOS 92
Registering workloads manually 94
Passwords with special characters or blank spaces 97
Autodiscovery of machines 98
Prerequisites 98
How autodiscovery works 98
How remote installation of agents works 100
Autodiscovery and manual discovery 101
Managing discovered machines 105
Troubleshooting 106
Deploying Agent for VMware (Virtual Appliance) 107
Before you start 107
Deploying the OVF template 108
Configuring the virtual appliance 108
Deploying Agent for Scale Computing HC3 (Virtual Appliance) 110
Before you start 110
Deploying the QCOW2 template 111
Configuring the virtual appliance 112
Agent for Scale Computing HC3 – required roles 114
Deploying Agent for Virtuozzo Hybrid Infrastructure (Virtual Appliance) 114
Before you start 114
Configuring networks in Virtuozzo Hybrid Infrastructure 115
Configuring user accounts in Virtuozzo Hybrid Infrastructure 116
Deploying the QCOW2 template 118
Configuring the virtual appliance 119
Deploying Agent for oVirt (Virtual Appliance) 123
Before you start 123
Deploying the OVA template 124
Configuring the virtual appliance 125
Agent for oVirt – required roles and ports 127
Deploying Agent for Synology 128
Before you start 128
Downloading the setup program 129
Installing Agent for Synology 129
Updating Agent for Synology 130
Deploying agents through Group Policy 131
Prerequisites 131
Step 1: Generating a registration token 131
Step 2: Creating the .mst transform and extracting the installation package 132
Step 3: Setting up the Group Policy objects 133
Accessing virtual appliances via the SSH protocol 134
Updating agents 134
Updating agents manually 135
Updating agents automatically 137
Preventing unauthorized uninstallation or modification of agents 139
Uninstalling agents 140
In Windows 140
In Linux 140
In macOS 140
Removing Agent for VMware (Virtual Appliance) 141
Removing machines from the service console 141
Protection settings 141
Automatic updates for components 141
Updating the Cyber Protection definitions by schedule 142
Updating the Cyber Protection definitions on-demand 143
Cache storage 143
Changing the service quota of machines 143
Cyber Protection services installed in your environment 145
Services installed in Windows 145
Services installed in macOS 145
Managing workloads 146
Device groups 146
Built-in groups and custom groups 146
Static groups and dynamic groups 147
Cloud-to-cloud groups and non-cloud-to-cloud groups 148
Creating a static group 148
Adding workloads to a static group 150
Creating a dynamic group 150
Editing a dynamic group 162
Deleting a group 162
Applying a plan to a group 163
Revoking a plan from a group 163
Managing the isolation of workloads 164
Isolating a workload from the network 164
Managing network exclusions 166
Protection plans and modules 168
Creating a protection plan 168
Actions with protection plans 170
Applying a protection plan to a workload 171
Editing a protection plan 171
Revoking a protection plan 172
Enabling or disabling a protection plan 173
Deleting a protection plan 173
Resolving plan conflicts 174
Conflict between a new and existing plan 174
Conflict between an individual and group plan 174
License issue 174
Default protection plans 175
Comparison of the default protection plans 175
Applying a default protection plan 180
Editing a default protection plan 180
#CyberFit Score for machines 182
How it works 182
#CyberFit scoring mechanism 182
Running a #CyberFit Score scan 186
Backup and recovery 188
Backup 188
Protection plan cheat sheet 190
Selecting data to back up 192
Selecting entire machine 192
Selecting disks/volumes 193
Selecting files/folders 196
Selecting system state 198
Selecting ESXi configuration 198
Continuous data protection (CDP) 199
How it works 200
Supported data sources 201
Supported destinations 202
Configuring a CDP backup 202
Selecting a destination 203
Advanced storage option 204
About Secure Zone 205
Schedule 208
Backup schemes 208
Additional scheduling options 209
Schedule by events 210
Start conditions 213
Retention rules 219
What else you need to know 220
Replication 220
Usage examples 221
Supported locations 221
Encryption 222
Encryption in a protection plan 222
Encryption as a machine property 223
How the encryption works 224
Notarization 224
How to use notarization 225
How it works 225
Starting a backup manually 225
Default backup options 225
Backup options 226
Availability of the backup options 226
Alerts 229
Backup consolidation 229
Backup file name 230
Backup format 233
Backup validation 235
Changed block tracking (CBT) 235
Cluster backup mode 235
Compression level 237
Error handling 237
Fast incremental/differential backup 239
File filters 239
File-level backup snapshot 240
Forensic data 241
Log truncation 250
LVM snapshotting 250
Mount points 250
Multi-volume snapshot 251
One-click recovery 252
Performance and backup window 256
Physical Data Shipping 260
Pre/Post commands 261
Pre/Post data capture commands 263
Scheduling 266
Sector-by-sector backup 266
Splitting 267
Task failure handling 267
Task start conditions 268
Volume Shadow Copy Service (VSS) 268
Volume Shadow Copy Service (VSS) for virtual machines 269
Weekly backup 270
Windows event log 270
Recovery 270
Recovery cheat sheet 270
Safe recovery 272
Recovering a machine 274
Prepare drivers 282
Check access to the drivers in bootable environment 282
Automatic driver search 283
Mass storage drivers to install anyway 283
Recovering files 285
Recovering system state 290
Recovering ESXi configuration 290
Recovery options 291
Operations with backups 299
The Backup storage tab 299
Mounting volumes from a backup 300
Validating backups 302
Exporting backups 303
Deleting backups 303
Operations with indexes in cloud-to-cloud backups 305
Protecting Microsoft applications 306
Protecting Microsoft SQL Server and Microsoft Exchange Server 306
Protecting Microsoft SharePoint 306
Protecting a domain controller 306
Recovering applications 306
Prerequisites 307
Database backup 309
Application-aware backup 315
Mailbox backup 317
Recovering SQL databases 318
Recovering Exchange databases 326
Recovering Exchange mailboxes and mailbox items 329
Changing the SQL Server or Exchange Server access credentials 335
Protecting mobile devices 335
Supported mobile devices 335
What you can back up 335
What you need to know 336
Where to get the Cyber Protect app 336
How to start backing up your data 337
How to recover data to a mobile device 337
How to review data via the service console 337
Protecting Hosted Exchange data 339
What items can be backed up? 339
What items can be recovered? 339
Selecting mailboxes 339
Recovering mailboxes and mailbox items 340
Protecting Microsoft 365 data 342
Why back up Microsoft 365 data? 342
Agent for Microsoft 365 342
Limitations 344
Required user rights 345
Microsoft 365 seats licensing report 345
Logging 346
Using the locally installed Agent for Office 365 346
Using the cloud Agent for Microsoft 365 350
Protecting Google Workspace data 378
What does Google Workspace protection mean? 378
Required user rights 379
About the backup schedule 379
Limitations 379
Logging 380
Adding a Google Workspace organization 380
Creating a personal Google Cloud project 381
Discovering Google Workspace resources 384
Protecting Gmail data 384
Protecting Google Drive files 389
Protecting Shared drive files 393
Notarization 396
Protecting Oracle Database 397
Protecting SAP HANA 397
Protecting MySQL and MariaDB data 398
Configuring an application-aware backup 399
Recovering data from an application-aware backup 400
Protecting websites and hosting servers 403
Protecting websites 403
Protecting web hosting servers 406
Special operations with virtual machines 407
Running a virtual machine from a backup (Instant Restore) 407
Working in VMware vSphere 411
Backing up clustered Hyper-V machines 428
Limiting the total number of simultaneously backed-up virtual machines 429
Machine migration 430
Microsoft Azure and Amazon EC2 virtual machines 431
Cyber Scripting 433
Prerequisites 433
Limitations 433
Scripts 433
Creating a script 434
Cloning a script 436
Editing or deleting a script 436
Changing the script status 437
Comparing script versions 438
Downloading the output of a scripting operation 438
Script repository 439
Scripting plans 439
Creating a scripting plan 440
Schedule and start conditions 442
Managing the target workloads for a plan 444
Plans on different administration levels 445
Compatibility issues with scripting plans 446
Resolving compatibility issues with scripting plans 447
Script quick run 448
User roles and Cyber Scripting rights 449
Disaster recovery 452
About Cyber Disaster Recovery Cloud 452
The key functionality 452
Software requirements 453
Supported operating systems 453
Supported virtualization platforms 453
Limitations 454
Cyber Disaster Recovery Cloud trial version 455
Compute points 455
Setting up the disaster recovery functionality 456
Create a disaster recovery protection plan 457
Editing the Recovery server default parameters 458
Cloud network infrastructure 459
Setting up connectivity 460
Networking concepts 460
Initial connectivity configuration 471
Prerequisites 473
Network management 479
Prerequisites 494
Setting up recovery servers 495
Creating a recovery server 495
How failover works 498
How failback works 504
Working with encrypted backups 511
Operations with Microsoft Azure virtual machines 512
Setting up primary servers 512
Creating a primary server 512
Operations with a primary server 514
Managing the cloud servers 515
Firewall rules for cloud servers 516
Setting firewall rules for cloud servers 516
Checking the cloud firewall activities 519
Backing up the cloud servers 519
Orchestration (runbooks) 520
Why use runbooks? 520
Creating a runbook 520
Operations with runbooks 522
Antimalware and web protection 524
Antivirus and antimalware protection 524
Antimalware features 524
Antimalware features 524
Scanning types 525
Antivirus and antimalware protection settings 526
Tips and tricks Protection exclusions 538
Active Protection in the Cyber Backup Standard edition 538
Active protection settings in Cyber Backup Standard 539
URL filtering 544
How it works 545
URL filtering configuration workflow 547
URL filtering settings 547
Description 553
Microsoft Defender Antivirus and Microsoft Security Essentials 553
Schedule scan 554
Default actions 554
Real-time protection 555
Advanced 555
Exclusions 556
Firewall management 556
Quarantine 557
How do files get into the quarantine folder? 557
Managing quarantined files 558
Quarantine location on machines 558
Self-service custom folder on-demand 559
Corporate whitelist 559
Automatic adding to the whitelist 559
Manual adding to the whitelist 559
Adding quarantined files to the whitelist 560
Whitelist settings 560
Viewing details about items in the whitelist 560
Antimalware scan of backups 560
Limitations 561
Advanced protection 563
Advanced Data Loss Prevention 564
Creating the data flow policy and policy rules 565
Enabling Advanced Data Loss Prevention in protection plans 573
Automated detection of destination 576
Sensitive data definitions 577
Data Loss Prevention events 582
Advanced Data Loss Prevention widgets on the Overview dashboard 584
Custom sensitivity categories 585
Endpoint Detection and Response (EDR) 586
Why you need Endpoint Detection and Response (EDR) 587
Enabling Endpoint Detection and Response (EDR) functionality 590
How to use Endpoint Detection and Response (EDR) 591
Viewing which incidents are currently not mitigated 596
Understanding the scope and impact of incidents 597
How to navigate attack stages 606
What information is included in an attack stage? 607
Manage the network isolation of a workload 624
Patch a workload 628
Restart a workload 630
Recovery from backup 632
Disaster Recovery failover 633
Protection of collaboration and communication applications 640
Vulnerability assessment and patch management 641
Vulnerability assessment 641
Supported Microsoft and third-party products 642
Supported Apple and third-party products 643
Supported Linux products 644
Vulnerability assessment settings 644
Vulnerability assessment for Windows machines 646
Vulnerability assessment for Linux machines 646
Vulnerability assessment for macOS devices 647
Managing found vulnerabilities 647
Patch management 648
How it works 649
Patch management settings 650
Managing list of patches 653
Automatic patch approval 654
Manual patch approval 657
On-demand patch installation 657
Patch lifetime in the list 658
Software inventory 659
Enabling the software inventory scanning 659
Running a software inventory scan manually 660
Browsing the software inventory 660
Viewing the software inventory of a single device 662
Hardware inventory 664
Enabling the hardware inventory scanning 664
Running a hardware inventory scan manually 665
Browsing the hardware inventory 665
Viewing the hardware of a single device 668
Remote desktop and assistance 670
Supported remote desktop and assistance features 671
Supported platforms 674
Remote connection protocols 675
NEAR 675
RDP 676
Screen sharing 676
Remote sound redirection 676
Connections to remote workloads for remote desktop or remote assistance 677
Connecting to remote workloads via RDP 678
Agent plans 679
Creating an agent plan 679
Adding a workload to an agent plan 686
Removing workloads from an agent plan 686
Additional operations with existing agent plans 687
Compatibility issues with agent plans 688
Resolving compatibility issues with agent plans 689
Workload credentials 690
Adding credentials 690
Assigning credentials to a workload 691
Deleting credentials 691
Unassigning credentials from a workload 691
Working with managed workloads 692
Configuring RDP settings 692
Connecting to managed workloads for remote desktop or remote assistance 693
Connecting to a managed workload via a web client 695
Transferring files 696
Performing control actions on managed workloads 697
Monitoring workloads via screenshot transmission 698
Observing multiple managed workloads simultaneously 699
Working with unmanaged workloads 700
Connecting to unmanaged workloads via Acronis Quick Assist 700
Connecting to unmanaged workloads via IPaddress 701
Transferring files via Acronis Quick Assist 701
Using the toolbar in the Viewer window 702
Configuring the Connect Client settings 705
The remote desktop notifiers 706
Remote wipe 708
Smart protection 709
Threat feed 709
How it works 709
Deleting all alerts 712
Data protection map 712
How it works 712
Managing the detected unprotected files 712
Data protection map settings 713
Enhanced security mode 715
Limitations 715
Unsupported features 715
Setting the encryption password 715
Changing the encryption password 716
Recovering backups 716
Immutable storage 717
Immutable storage modes 717
Limitations 717
Enabling and disabling immutable storage 717
Accessing deleted backups in immutable storage 719
Device control 720
Limitation on the use of the agent for Data Loss Prevention with Hyper-V 721
Using device control 722
Enable or disable device control 722
Enabling the use of the device control module on macOS 723
View or change access settings 725
Exclude device subclasses from access control 726
Exclude individual USB devices from access control 726
View device control alerts 729
Access settings 729
OS notification and service alerts 733
Device types allowlist 734
USB devices allowlist 735
USB devices database 736
Excluding processes from access control 739
Device control alerts 741
Action field values 742
The Management tab 745
Protection plans 745
Backup plans for cloud applications 745
Backup scanning plans 746
Off-host data processing 747
Backup replication 747
Validation 750
Cleanup 756
Conversion to a virtual machine 757
The Activities tab 762
Cyber Protect Monitor 764
Bootable media 766
Custom or ready-made bootable media? 766
Linux-based or WinPE/WinRE-based bootable media? 766
Linux-based 766
WinPE/WinRE-based 766
Creating physical bootable media 767
Bootable Media Builder 768
Why use Bootable Media Builder? 768
32-bit or 64-bit? 768
Linux-based bootable media 768
Top-level object 773
Variable object 773
Control type 774
WinPE-based and WinRE-based bootable media 776
Registering the bootable media 779
Network settings 780
Connecting to a machine booted from bootable media 781
Local connection 781
Configuring network settings 781
Local operations with bootable media 782
Setting up a display mode 782
Recovery with bootable media on-premises 783
Remote operations with bootable media 783
Startup Recovery Manager 786
Monitoring 788
The Overview dashboard 788
The Activities dashboard 789
The Alerts dashboard 789
Cyber Protection 791
Protection status 791
Discovered machines 792
Endpoint Detection and Response (EDR) widgets 792
Top incident distribution per workload 793
Threat status 793
Incident severity history 794
Security incident MTTR 794
Security incident burndown 795
Detection by tactics 795
Workload network status 796
#CyberFit Score by machine 796
Disk health monitoring 797
How it works 798
Disk health widgets 798
Disk health status alerts 801
Data protection map 801
Vulnerability assessment widgets 802
Vulnerable machines 802
Existing vulnerabilities 803
Patch installation widgets 803
Patch installation status 803
Patch installation summary 804
Patch installation history 804
Missing updates by categories 804
Backup scanning details 805
Recently affected 805
Downloading data for recently affected workloads 806
Cloud applications 806
Software inventory widgets 807
Hardware inventory widgets 808
Remote sessions widget 809
Reports 810
Actions with reports 811
Reported data according to widget type 813
License management for on-premises management servers 815
Privacy settings 816
Troubleshooting 817
Appendix A. Site-to-site Open VPN - Additional information 818
Glossary 825
Index 829
Supported Cyber Protect features by operating system

Note
This topic contains information about all Cyber Protect features and the operating systems on
which they are supported. Some features might require additional licensing, depending on the
applied licensing model.

The Cyber Protect features are supported on the following operating systems:

• Windows: Windows 7 Service Pack 1 and later, Windows Server 2008 R2 Service Pack 1 and later.
  Windows Defender Antivirus management is supported on Windows 8.1 and later.

  Note
  To use the Cyber Protect features with Windows 7, you must install the following updates from
  Microsoft before installing the protection agent:
    ◦ Windows 7 Extended Security Updates (ESU)
    ◦ KB4474419
    ◦ KB4490628
  For more information on the required updates, refer to this knowledge base article.

• Linux: CentOS 6.10, 7.8+, CloudLinux 6.10, 7.8+, Ubuntu 16.04.7+, where plus refers to minor
  versions of these distributions.
  Other Linux distributions and versions might be supported, but have not been tested.

• macOS: 10.13.x and later (only Antivirus and Antimalware protection, and Device control are
  supported). Device control functionality is supported on macOS 10.15 and later or macOS 11.2.3
  and later.
  Agent for Data Loss Prevention might be installed on unsupported macOS systems because it is
  an integral part of Agent for Mac. In this case, the Cyber Protect console will display that Agent for
  Data Loss Prevention is installed on the computer, but the device control functionality will not
  work. Device control functionality will only work on macOS systems that are supported by Agent
  for Data Loss Prevention.

Note
Antimalware protection for Linux and macOS is supported only when Advanced antimalware
protection is enabled.

Important
The Cyber Protect features are only supported for machines on which a protection agent is
installed. For virtual machines protected in agentless mode, for example, by Agent for Hyper-V,
Agent for VMware, Agent for Virtuozzo Hybrid Infrastructure, Agent for Scale Computing, or Agent
for oVirt, only backup is supported.

Cyber Protect features                                                    Windows  Linux  macOS

Default protection plans
  Remote Workers                                                          Yes      No     No
  Office Workers (third-party antivirus)                                  Yes      No     No
  Office Workers (Cyber Protect antivirus)                                Yes      No     No
  Cyber Protect Essentials (only for Cyber Protect Essentials edition)    Yes      No     No

Forensic backup
  Collecting memory dump                                                  Yes      No     No
  Snapshot of running processes                                           Yes      No     No
  Notarization of local image forensic backup                             Yes      No     No
  Notarization of cloud image forensic backup                             Yes      No     No

Continuous data protection (CDP)
  CDP for files and folders                                               Yes      No     No
  CDP for changed files via application tracking                          Yes      No     No

Autodiscovery and remote installation
  Network-based discovery                                                 Yes      No     No
  Active Directory-based discovery                                        Yes      No     No
  Template-based discovery (importing machines from a file)               Yes      No     No
  Manual adding of devices                                                Yes      No     No

Active Protection
  Process Injects detection                                               Yes      No     No
  Automatic recovery of affected files from the local cache               Yes      Yes    Yes
  Self-defense for Acronis backup files                                   Yes      No     No
  Self-defense for Acronis software                                       Yes      No     Yes (Only Active Protection and antimalware components)