ACRONIS Cyber Protect Cloud 23.07 User manual

Cyber Protection
23.07
REVISION: 7/21/2023
User Guide
acronis.com
Table of contents
Getting started with Cyber Protection 18
Quick start guide 18
Activating the account 18
Password requirements 18
Two-factor authentication 18
Privacy settings 20
Accessing the Cyber Protection service 21
Software requirements 22
Supported web browsers 22
Supported operating systems and environments 22
Supported Microsoft SQL Server versions 28
Supported Microsoft Exchange Server versions 28
Supported Microsoft SharePoint versions 29
Supported Oracle Database versions 29
Supported SAP HANA versions 29
Supported MySQL versions 29
Supported MariaDB versions 29
Supported virtualization platforms 30
Compatibility with encryption software 37
Compatibility with Dell EMC Data Domain storages 38
Supported protection features by operating system 39
Supported operating systems and versions 39
Supported file systems 47
Installing and deploying Cyber Protection agents 51
Preparation 51
Step 1 51
Step 2 51
Step 3 51
Step 4 51
Step 5 52
Step 6 53
Which agent do I need? 53
Agent-based and agentless backup 57
Which backup type do I need? 57
System requirements for agents 57
2 © Acronis International GmbH, 2003-2023
Linux packages 60
Are the required packages already installed? 60
Installing the packages from the repository 61
Installing the packages manually 62
Proxy server settings 63
In Windows 63
In Linux 65
In macOS 66
In bootable media 67
Installing protection agents 67
Downloading protection agents 67
Installing protection agents in Windows 67
Installing protection agents in Linux 70
Installing protection agents in macOS 72
Granting the required system permissions to the Connect Agent 73
Changing the logon account on Windows machines 75
Dynamic installation and uninstallation of components 76
Unattended installation or uninstallation 77
Unattended installation or uninstallation in Windows 77
Unattended installation or uninstallation in Linux 84
Unattended installation and uninstallation in macOS 89
Registering and unregistering workloads manually 99
Passwords with special characters or blank spaces 103
Changing the registration of a workload 103
Autodiscovery of machines 104
Prerequisites 104
How autodiscovery works 104
How remote installation of agents works 106
Autodiscovery and manual discovery 107
Managing discovered machines 111
Troubleshooting 112
Deploying Agent for VMware (Virtual Appliance) 113
Before you start 113
Deploying the OVF template 114
Configuring the virtual appliance 114
Deploying Agent for Scale Computing HC3 (Virtual Appliance) 117
Before you start 117
Deploying the QCOW2 template 118
Configuring the virtual appliance 119
Agent for Scale Computing HC3 – required roles 121
Deploying Agent for Virtuozzo Hybrid Infrastructure (Virtual Appliance) 122
Before you start 122
Configuring networks in Virtuozzo Hybrid Infrastructure 123
Configuring user accounts in Virtuozzo Hybrid Infrastructure 124
Deploying the QCOW2 template 126
Configuring the virtual appliance 127
Deploying Agent for oVirt (Virtual Appliance) 130
Before you start 130
Deploying the OVA template 131
Configuring the virtual appliance 132
Agent for oVirt – required roles and ports 135
Deploying Agent for Synology 136
Before you start 136
Downloading the setup program 137
Installing Agent for Synology 137
Updating Agent for Synology 138
Deploying agents through Group Policy 139
Prerequisites 139
Generating a registration token 139
Creating the transform file and extracting the installation packages 142
Setting up the Group Policy object 143
Accessing virtual appliances via the SSH protocol 143
Updating agents 144
Updating agents manually 145
Updating agents automatically 147
Preventing unauthorized uninstallation or modification of agents 149
Uninstalling agents 150
Protection settings 151
Automatic updates for components 151
Updating the Cyber Protection definitions by schedule 152
Updating the Cyber Protection definitions on-demand 153
Cache storage 153
Changing the service quota of machines 153
Cyber Protection services installed in your environment 155
Services installed in Windows 155
Services installed in macOS 155
Saving an agent log file 155
Site-to-site Open VPN - Additional information 156
License management for on-premises management servers 162
Defining how and what to protect 163
The Management tab 163
Protection plans 163
Backup plans for cloud applications 164
Backup scanning plans 164
Off-host data processing 165
VM heartbeat 172
Screenshot validation 172
Intermediate snapshots 179
Protection plans and modules 179
Creating a protection plan 180
Actions with protection plans 181
Resolving plan conflicts 185
Default protection plans 186
Individual protection plans for hosting control panel integrations 192
#CyberFit Score for machines 192
How it works 193
Running a #CyberFit Score scan 197
Cyber Scripting 199
Prerequisites 199
Limitations 199
Scripts 199
Script repository 205
Scripting plans 205
Script quick run 214
User roles and Cyber Scripting rights 215
Protection of collaboration and communication applications 217
Understanding your current level of protection 218
Monitoring 218
The Overview dashboard 218
The Activities dashboard 219
The Alerts dashboard 220
Alert types 221
Alert widgets 239
Cyber Protection 240
Protection status 240
Endpoint Detection and Response (EDR) widgets 241
#CyberFit Score by machine 245
Disk health monitoring 246
Data protection map 250
Vulnerability assessment widgets 251
Patch installation widgets 252
Backup scanning details 254
Recently affected 254
Cloud applications 255
Software inventory widgets 256
Hardware inventory widgets 257
Remote sessions widget 258
Smart protection 258
The Activities tab 264
Cyber Protect Monitor 265
Reports 267
Actions with reports 268
Reported data according to widget type 270
Managing workloads in the Cyber Protect console 272
The Cyber Protect console 272
What's new in the Cyber Protect console 273
Using the Cyber Protect console as a partner administrator 273
Workloads 277
Adding workloads to the Cyber Protect console 279
Removing workloads from the Cyber Protect console 284
Device groups 287
Built-in groups and custom groups 288
Static groups and dynamic groups 288
Cloud-to-cloud groups and non-cloud-to-cloud groups 289
Creating a static group 290
Adding workloads to a static group 291
Creating a dynamic group 292
Editing a dynamic group 307
Deleting a group 308
Applying a plan to a group 308
Revoking a plan from a group 309
Working with the Device control module 309
Using device control 312
Access settings 318
Device types allowlist 323
USB devices allowlist 324
Excluding processes from access control 328
Device control alerts 330
Wiping data from a managed workload 333
Managing the isolation of workloads 334
Isolating a workload from the network 334
Managing network exclusions 336
Viewing workloads managed by RMM integrations 337
Linking workloads to specific users 338
Find the last logged in user 338
Managing the backup and recovery of workloads and files 340
Backup 340
Protection plan cheat sheet 342
Selecting data to back up 344
Selecting entire machine 344
Selecting disks/volumes 345
Selecting files/folders 348
Selecting system state 350
Selecting ESXi configuration 350
Continuous data protection (CDP) 351
How it works 352
Supported data sources 353
Supported destinations 354
Configuring a CDP backup 354
Selecting a destination 355
Advanced storage option 356
About Secure Zone 357
Schedule 360
Backup schemes 360
Additional scheduling options 361
Schedule by events 363
Start conditions 365
Retention rules 371
What else you need to know 372
Replication 372
Usage examples 373
Supported locations 373
Encryption 374
Encryption in a protection plan 374
Encryption as a machine property 375
How the encryption works 376
Notarization 376
How to use notarization 377
How it works 377
Starting a backup manually 377
Default backup options 377
Backup options 378
Availability of the backup options 378
Alerts 381
Backup consolidation 381
Backup file name 382
Backup format 385
Backup validation 387
Changed block tracking (CBT) 387
Cluster backup mode 388
Compression level 389
Error handling 389
Fast incremental/differential backup 391
File filters (Inclusions/Exclusions) 391
File-level backup snapshot 393
Forensic data 393
Log truncation 402
LVM snapshotting 402
Mount points 403
Multi-volume snapshot 403
One-click recovery 404
Performance and backup window 409
Physical Data Shipping 412
Pre/Post commands 413
Pre/Post data capture commands 415
Scheduling 418
Sector-by-sector backup 418
Splitting 419
Task failure handling 419
Task start conditions 420
Volume Shadow Copy Service (VSS) 420
Volume Shadow Copy Service (VSS) for virtual machines 422
Weekly backup 423
Windows event log 423
Recovery 423
Recovery cheat sheet 423
Safe recovery 425
Recovering a machine 426
Prepare drivers 435
Check access to the drivers in bootable environment 435
Automatic driver search 436
Mass storage drivers to install anyway 436
Recovering files 438
Recovering system state 444
Recovering ESXi configuration 444
Recovery options 445
Operations with backups 453
The Backup storage tab 453
Mounting volumes from a backup 455
Validating backups 456
Exporting backups 457
Deleting backups 458
Operations with indexes in cloud-to-cloud backups 459
Protecting Microsoft applications 460
Protecting Microsoft SQL Server and Microsoft Exchange Server 460
Protecting Microsoft SharePoint 460
Protecting a domain controller 461
Recovering applications 461
Prerequisites 461
Database backup 464
Application-aware backup 469
Mailbox backup 471
Recovering SQL databases 473
Recovering Exchange databases 480
Recovering Exchange mailboxes and mailbox items 483
Changing the SQL Server or Exchange Server access credentials 489
Protecting mobile devices 489
Supported mobile devices 489
What you can back up 490
What you need to know 490
Where to get the Cyber Protect app 491
How to start backing up your data 491
How to recover data to a mobile device 491
How to review data via the Cyber Protect console 492
Protecting Hosted Exchange data 493
What items can be backed up? 493
What items can be recovered? 493
Selecting mailboxes 494
Recovering mailboxes and mailbox items 494
Protecting Microsoft 365 data 496
Why back up Microsoft 365 data? 496
Agent for Microsoft 365 497
Limitations 499
Required user rights 499
Microsoft 365 seats licensing report 500
Logging 500
Using the locally installed Agent for Office 365 500
Using the cloud Agent for Microsoft 365 505
Protecting Google Workspace data 534
What does Google Workspace protection mean? 534
Required user rights 534
About the backup schedule 535
Limitations 535
Logging 535
Adding a Google Workspace organization 536
Creating a personal Google Cloud project 537
Discovering Google Workspace resources 539
Setting the frequency of Google Workspace backups 540
Protecting Gmail data 541
Protecting Google Drive files 545
Protecting Shared drive files 549
Notarization 552
Protecting Oracle Database 553
Protecting SAP HANA 554
Protecting MySQL and MariaDB data 554
Configuring an application-aware backup 555
Recovering data from an application-aware backup 556
Protecting websites and hosting servers 560
Protecting websites 560
Protecting web hosting servers 563
Special operations with virtual machines 564
Running a virtual machine from a backup (Instant Restore) 564
Working in VMware vSphere 567
Backing up clustered Hyper-V machines 585
Limiting the total number of simultaneously backed-up virtual machines 585
Machine migration 587
Microsoft Azure and Amazon EC2 virtual machines 588
Creating bootable media to recover operating systems 589
Custom or ready-made bootable media? 589
Linux-based or WinPE/WinRE-based bootable media? 589
Creating physical bootable media 590
Bootable Media Builder 591
Recovery from the cloud storage 595
Recovery from a network share 595
Files of a script 595
Structure of autostart.json 596
Top-level object 596
Variable object 596
Control type 598
Connecting to a machine booted from bootable media 604
Local operations with bootable media 605
Remote operations with bootable media 606
Startup Recovery Manager 609
Implementing disaster recovery 611
About Cyber Disaster Recovery Cloud 611
The key functionality 611
Software requirements 612
Supported operating systems 612
Supported virtualization platforms 612
Limitations 613
Cyber Disaster Recovery Cloud trial version 614
Compute points 614
Setting up the disaster recovery functionality 615
Create a disaster recovery protection plan 616
Editing the Recovery server default parameters 617
Cloud network infrastructure 618
Setting up connectivity 619
Networking concepts 619
Initial connectivity configuration 630
Prerequisites 632
Network management 638
Prerequisites 653
Setting up recovery servers 654
Creating a recovery server 654
How failover works 657
How failback works 663
Working with encrypted backups 671
Operations with Microsoft Azure virtual machines 671
Setting up primary servers 671
Creating a primary server 672
Operations with a primary server 674
Managing the cloud servers 674
Firewall rules for cloud servers 675
Setting firewall rules for cloud servers 676
Checking the cloud firewall activities 678
Backing up the cloud servers 679
Orchestration (runbooks) 679
Why use runbooks? 679
Creating a runbook 680
Operations with runbooks 681
Configuring your antivirus and antimalware protection 684
Supported platforms 684
Supported features per platform 685
Antivirus and antimalware protection 687
Antimalware features 688
Scanning types 688
Antivirus and antimalware protection settings 689
Tips and tricks for the protection exclusions 700
Active Protection in the Cyber Backup Standard edition 701
Active protection settings in Cyber Backup Standard 701
URL filtering 707
How it works 707
URL filtering configuration workflow 709
URL filtering settings 709
Description 715
Microsoft Defender Antivirus and Microsoft Security Essentials 715
Schedule scan 716
Default actions 716
Real-time protection 717
Advanced 717
Exclusions 718
Firewall management 718
Quarantine 719
How do files get into the quarantine folder? 719
Managing quarantined files 720
Quarantine location on machines 720
Self-service custom folder on-demand 721
Corporate whitelist 721
Automatic adding to the whitelist 721
Manual adding to the whitelist 721
Adding quarantined files to the whitelist 722
Whitelist settings 722
Viewing details about items in the whitelist 722
Antimalware scan of backups 722
Limitations 723
Working with Advanced protection features 725
Advanced Data Loss Prevention 726
Creating the data flow policy and policy rules 727
Enabling Advanced Data Loss Prevention in protection plans 735
Automated detection of destination 738
Sensitive data definitions 739
Data Loss Prevention events 744
Advanced Data Loss Prevention widgets on the Overview dashboard 746
Custom sensitivity categories 747
Known issues and limitations 748
Endpoint Detection and Response (EDR) 749
Why you need Endpoint Detection and Response (EDR) 749
Enabling Endpoint Detection and Response (EDR) functionality 752
How to use Endpoint Detection and Response (EDR) 753
Viewing which incidents are currently not mitigated 757
Understanding the scope and impact of incidents 758
How to navigate attack stages 766
Assessing vulnerabilities and managing patches 799
Vulnerability assessment 799
Supported Microsoft and third-party products 799
Supported Apple and third-party products 801
Supported Linux products 802
Vulnerability assessment settings 802
Vulnerability assessment for Windows machines 803
Vulnerability assessment for Linux machines 804
Vulnerability assessment for macOS devices 804
Managing found vulnerabilities 805
Patch management 806
How it works 807
Patch management settings 808
Managing list of patches 811
Automatic patch approval 812
Manual patch approval 815
On-demand patch installation 815
Patch lifetime in the list 816
Managing your software and hardware inventory 817
Software inventory 817
Enabling the software inventory scanning 817
Running a software inventory scan manually 818
Browsing the software inventory 818
Viewing the software inventory of a single device 820
Hardware inventory 821
Enabling the hardware inventory scanning 821
Running a hardware inventory scan manually 822
Browsing the hardware inventory 822
Viewing the hardware of a single device 825
Connecting to workloads for remote desktop or remote assistance 827
Supported remote desktop and assistance features 828
Supported platforms 831
Remote connection protocols 832
NEAR 832
RDP 833
Screen sharing 833
Remote sound redirection 833
Connections to remote workloads for remote desktop or remote assistance 834
Connecting to remote workloads via RDP 835
Remote management plans 836
Creating a remote management plan 836
Adding a workload to a remote management plan 843
Removing workloads from a remote management plan 844
Additional operations with existing remote management plans 844
Compatibility issues with remote management plans 846
Resolving compatibility issues with remote management plans 846
Workload credentials 848
Adding credentials 848
Assigning credentials to a workload 849
Deleting credentials 849
Unassigning credentials from a workload 849
Working with managed workloads 849
Configuring RDP settings 850
Connecting to managed workloads for remote desktop or remote assistance 850
Connecting to a managed workload via a web client 852
Transferring files 853
Performing control actions on managed workloads 854
Monitoring workloads via screenshot transmission 855
Observing multiple managed workloads simultaneously 856
Working with unmanaged workloads 857
Connecting to unmanaged workloads via Acronis Quick Assist 858
Connecting to unmanaged workloads via IPaddress 858
Transferring files via Acronis Quick Assist 859
Using the toolbar in the Viewer window 860
Configuring the Connect Client settings 862
The remote desktop notifiers 863
Monitoring the health and performance of workloads 865
Monitoring plans 865
Monitoring types 865
Anomaly-based monitoring 865
Supported platforms for monitoring 866
Configurable monitors 866
Settings of the Disk space monitor 870
Settings of the CPU temperature monitor 873
Settings of the GPU temperature monitor 874
Settings of the Hardware changes monitor 876
Settings of the CPUusage monitor 876
Settings of the Memory usage monitor 878
Settings of the Disk transfer rate monitor 880
Settings of the Network usage monitor 882
Settings of the CPUusage by process monitor 885
Settings of the Memory usage by process monitor 885
Settings of the Disk transfer rate by process monitor 886
Settings of the Network usage by process monitor 887
Settings of the Windows service status monitor 889
Settings of the Process status monitor 889
Settings of the Installed software monitor 890
Settings of the Last system restart monitor 890
Settings of the Windows event log monitor 890
Settings of the Files and folders size monitor 892
Settings of the Windows Update status monitor 893
Settings of the Firewall status monitor 893
Settings of the Failed logins monitor 893
Settings of the Antimalware software status monitor 894
Settings of the AutoRun feature status monitor 894
Settings of the Custom monitor 894
Monitoring plans 895
Creating a monitoring plan 896
Adding workloads to monitoring plans 898
Revoking monitoring plans 898
Configuring automatic response actions 899
Additional operations with monitoring plans 901
Compatibility issues with monitoring plans 903
Resolving compatibility issues with monitoring plans 903
Resetting the machine learning models 904
Monitoring alerts 905
Configuring monitoring alerts 905
Monitoring alert variables 906
Manual response actions 909
Viewing the alert log of monitoring alerts 911
Email notification policies 912
Browsing monitor data 912
Monitor widgets 913
Additional Cyber Protection tools 916
Enhanced security mode 916
Limitations 916
Unsupported features 916
Setting the encryption password 916
Changing the encryption password 917
Recovering backups for tenants in the Enhanced security mode 917
Immutable storage 918
Immutable storage modes 918
Limitations 918
Enabling and disabling immutable storage 918
Accessing deleted backups in immutable storage 920
Glossary 921
Index 925
Getting started with Cyber Protection
Quick start guide
Activating the account
When an administrator creates an account for you, an email message is sent to your email address.
The message contains the following information:
• Your login. This is the user name that you use to log in. Your login is also shown on the account
  activation page.
• Activate account button. Click the button and set the password for your account. Ensure that
  your password is at least nine characters long. For more information about the password, refer to
  "Password requirements" (p. 18).
If your administrator has enabled two-factor authentication, you will be prompted to set it up for
your account. For more information about it, refer to "Two-factor authentication" (p. 18).
Password requirements
The password for a user account must be at least 9 characters long. Passwords are also checked for
complexity, and fall into one of the following categories:
• Weak
• Medium
• Strong
You cannot save a weak password, even though it might contain 9 characters or more. Passwords
that repeat the user name, the login, the user email, or the name of the tenant to which a user
account belongs are always considered weak. Most common passwords are also considered weak.
To strengthen a password, add more characters to it. Using different types of characters, such as
digits, uppercase and lowercase letters, and special characters, is not mandatory but it results in
stronger passwords that are also shorter.
Two-factor authentication
Two-factor authentication provides extra protection from unauthorized access to your account.
When two-factor authentication is set up, you are required to enter your password (the first factor)
and a one-time code (the second factor) to log in to the Cyber Protect console. The one-time code is
generated by a special application that must be installed on your mobile phone or another device
that belongs to you. Even if someone finds out your login and password, they still will not be able to
log in without access to your second-factor device.
To set up two-factor authentication for your account
You must configure two-factor authentication for your account when two-factor authentication is
enabled by an administrator for your organization. If two-factor authentication is enabled while you
are logged in to the Cyber Protect console, you will have to configure it when your current session
expires.
Prerequisites:
• Two-factor authentication is enabled for your organization by an administrator.
To set up two-factor authentication for your account:
1. Install an authenticator app on your mobile device.
Examples of authenticator apps:
• Twilio Authy
• Microsoft Authenticator
• Google Authenticator
2. Scan the QR code using your authenticator app, and then enter the 6-digit code displayed on the
authenticator app in the Set up two-factor authentication window.
3. Click Next. The instructions on how to restore your access to your account if you lose your 2FA
device or uninstall the authenticator app are displayed.
4. Save or print the PDF file.
Note
Make sure to save it in a safe place or print it for further reference. This is the best way to
restore your access.
5. Return to the Cyber Protect console login page and enter the generated code.
A one-time code is valid for 30 seconds. If you wait longer than 30 seconds, use the next
generated code.
When logging in the next time, you can select the check box Trust this browser.... If you do this, the
one-time code will not be required when you log in by using this browser on this machine.
Note
It is not recommended to select this check box, because you will lose access to 2FA for your
account.
To restore two-factor authentication (2FA) on a new device:
If you have access to the previously set-up mobile authentication app:
1. Install an authenticator app on your new device.
2. Use the PDF file that you saved when you set up 2FA on your device. This file contains the
32-digit code that has to be entered in the authenticator app to link the authenticator app again to
your Acronis account.
Important
If the code is correct but it is not working, ensure that the time in the authenticator mobile app
is synced with your device.
If you missed saving the PDF file during the setup:
a. Click Reset 2FA, and then enter the one-time password shown in the mobile authenticator app.
b. Follow the on-screen instructions.
If you have no access to the previously set-up mobile authenticator app:
1. Take a new mobile device.
2. Use the stored PDF file to link a new device (default name of the file is
cyberprotect-2fa-backupcode.pdf).
3. Restore access to your account from backup. Ensure that backups are supported by your mobile
app.
4. Open the app under the same account from another mobile device if it's supported by the app.
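The guide does not name the algorithm behind the one-time code; the authenticator apps it lists generate time-based one-time passwords as defined in RFC 6238. The following is an added example, not Acronis code, that assumes that scheme with HMAC-SHA1 and shows why a code is only good for its 30-second step and why a correct code fails when the device clock is out of sync. The secret is the RFC test key (constructed sample data), the function names are hypothetical, and treating the "32-digit code" in the backup PDF as a base32 secret is an assumption.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds; the guide says a one-time code is valid for 30 seconds
DIGITS = 6   # the guide says the authenticator app shows a 6-digit code

# Constructed sample secret (the RFC 6238 test key), NOT a real account secret.
# 20 bytes encode to 32 base32 characters, which is assumed to correspond to
# what the guide calls the "32-digit code" stored in the backup PDF.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the RFC 6238 TOTP (HMAC-SHA1) code for a moment in time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // step            # index of the 30-second step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _well_formed(code):
    # Reject anything that is not exactly six ASCII digits before comparing.
    return len(code) == DIGITS and code.isascii() and code.isdigit()


def _matches(secret_b32, submitted, t):
    # compare_digest avoids leaking how many leading digits were correct.
    return t >= 0 and hmac.compare_digest(totp(secret_b32, t), submitted)


def verify(secret_b32, submitted, server_time, window=0):
    """Server-side check; accepts codes from +/- `window` steps of skew."""
    if not _well_formed(submitted):
        return False
    ok = False
    for drift in range(-window, window + 1):
        ok |= _matches(secret_b32, submitted, server_time + drift * STEP)
    return ok


def clock_drift_steps(secret_b32, submitted, server_time, max_steps=10):
    """Troubleshooting aid for "the code is correct but it is not working".

    Returns how many 30-second steps the device clock is off (negative means
    the device is behind), or None if the code matches no nearby step.
    """
    if not _well_formed(submitted):
        return None
    for drift in sorted(range(-max_steps, max_steps + 1), key=abs):
        if _matches(secret_b32, submitted, server_time + drift * STEP):
            return drift
    return None


def seconds_remaining(unix_time, step=STEP):
    """Seconds until the current code rolls over to the next one."""
    return step - int(unix_time) % step


if __name__ == "__main__":
    import time
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "valid for", seconds_remaining(now), "s")
    print("accepted now:", verify(SAMPLE_SECRET, code, now))
    # A device whose clock runs 90 seconds behind produces a stale code.
    stale = totp(SAMPLE_SECRET, now - 90)
    print("stale code accepted:", verify(SAMPLE_SECRET, stale, now))
    print("device clock off by steps:", clock_drift_steps(SAMPLE_SECRET, stale, now))
```

A wider `window` tolerates more clock skew but also lengthens the time an intercepted code stays usable, so it is a trade-off rather than a fix for unsynchronized clocks.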
Privacy settings
Privacy settings help you indicate whether or not you give consent for the collection, use and
disclosure of your personal information.
Depending on the country in which you are using Cyber Protect Cloud and the Cyber Protect Cloud
data center that provides services to you, on the initial launch of Cyber Protect Cloud you may be
asked to confirm whether you agree to use Google Analytics in Cyber Protect Cloud.
Google Analytics helps us better understand user behavior and improve user experience in Cyber
Protect Cloud by collecting pseudonymized data.
If you enabled or refused to enable Google Analytics on the initial launch of Cyber Protect Cloud,
you can change your decision at any time later.
To enable or disable Google Analytics
1. In the Cyber Protect console, click Manage account.
2. Click the account icon in the upper-right corner.
3. Select My privacy settings. The My privacy settings window is displayed.
4. In the Google Analytics data collection section, click one of the following buttons:
• On to enable Google Analytics
• Off to disable Google Analytics
5. In the How to delete cookies section, you can control and manage cookies directly in your
browser.