If the data on your servers has been encrypted by ransomware, you can create a restoration task to restore the encrypted data and reduce losses. This topic describes how to create a restoration task, view the task status, purchase additional anti-ransomware capacity, and delete backup data.


A protection policy is created and server data can be backed up based on the protection policy. To create a restoration task, make sure that the following requirements are met:
  • The number of Recoverable Version in the protection policy is not zero.
  • The Security Center agent is enabled.

Background information

Security Center backs up the server data based on the protection policy you created. If you use the recommended policy, you can select a version that has been backed up to restore the data on the current server.


  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-ransomware.
  3. On the General anti-ransomware solutions page, find the protection policy that is applied to a restoration task and click theHide/Show icon icon.
  4. Find the server whose data you want to restore and click Restore in the Actions column. Restore
    You can also click the number in the Recoverable Versions column to go to the Restoration page. Recoverable Versions
  5. On the Restoration page, configure the following parameters: Select a restored version, Select a restore file, and Recovery directory address. Create a restoration task
    Sample values of the Recovery directory address parameter in a Windows system and a Linux system:
    • Windows: D:\Documents\Restore
    • Linux: /home/Restore
    Note The Recovery directory address parameter specifies the folder where you want to restore the server data. The backup data is restored on the cloud. After you create a restoration task, the files are restored to the directory specified by the Recovery directory address parameter. If the specified directory does not exist, Security Center fails to complete the restoration task. We recommend that you specify a valid directory.
  6. Click Determine.
    After you create a restoration task, you will receive a message that shows The Restore task is created.


  • View the status of a restoration task
    In the Restore Tasks panel, you can view the restoration task status, the total number of restored files, and the number of files that failed to be restored. If a restoration task fails, you can view the causes of the failure. If the restoration task fails due to an invalid directory, you must recreate a restoration task to restore data again. View the status of a restoration task
  • Purchase additional anti-ransomware capacity
    Insufficient anti-ransomware capacity leads to backup failures. We recommend that you purchase sufficient anti-ransomware capacity to prevent backup failures. On the General anti-ransomware solutions page, you can view the used and total anti-ransomware capacity. To purchase additional anti-ransomware capacity, click Upgrade and increase the anti-ransomware capacity on the Upgrade/Downgrade page. You can also delete backup data to release capacity.
    Note We recommend that you evaluate the anti-ransomware capacity that you need to purchase based on the size of backup data on your servers.
    Purchase additional anti-ransomware capacity
  • Delete backup data
    • Deleted backup data cannot be restored. Proceed with caution.
    • After you delete backup data, the capacity is released 24 to 72 hours later.
    • You cannot delete the latest version of the backup data. If you want to delete the latest version of the backup data, first uninstall the anti-ransomware client from your server and remove the server on which the protection policy applies.
    You can delete backup data that is no longer required. In the Recoverable Version panel, find the data that you want to delete and click Delete. After the backup data is deleted, the capacity is released. Delete backup data