Ransomware has become a major threat to cybersecurity. Security Center provides protection, generates alerts, and backs up data to protect your server from ransomware. You can create an anti-ransomware policy based on which data on your server is backed up. This topic describes how to create an anti-ransomware policy.
Prerequisites
Background information
Limits
The anti-ransomware feature is available only for the Anti-virus, Advanced, Enterprise, Ultimate, and Value-added Plan editions of Security Center. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.
Version description
The version of the anti-ransomware agent is upgraded to V2.0 or later. You can no longer modify the existing V1.0 anti-ransomware policies based on which the V1.X.X anti-ransomware agent is installed. After the agent upgrade, you can create only V2.0 anti-ransomware policies.
Item | V1.0 anti-ransomware policy | V2.0 anti-ransomware policy |
---|---|---|
Custom directories to be excluded | Not supported. | Supported. |
VSS | ||
Classic network | ||
Compatibility with Hybrid Backup Recovery (HBR) | ||
Backup method | Multiple data backup tasks can be run at a time, which may cause high CPU utilization. | Multiple data backup tasks can be run in sequence. |
Upgrade V1.0 anti-ransomware policies with a few clicks

- The upgrade of the anti-ransomware agent does not affect backup data. After the upgrade, your data backup tasks run as expected. If the upgrade fails, the version of the anti-ransomware agent is automatically rolled back to V1.X.X, and data backup tasks are not affected.
- For some servers, the installed anti-ransomware agent cannot be upgraded with a few clicks. In this case, we recommend that you remove the server on which the anti-ransomware agent fails to be upgraded from the anti-ransomware policy, and click Upgrade in the Actions column for the anti-ransomware policy to upgrade the policy. After the anti-ransomware policy is upgraded, reapply the anti-ransomware policy to the server that you remove. Then, the V2.X.X anti-ransomware agent is automatically installed on the server.
Data backup
- You can incrementally back up data to protect your server against ransomware. If this is the first time that you back up all data in protected directories based on an anti-ransomware policy, a large number of CPU and memory resources are consumed. To avoid negative impacts on your services, we recommend that you back up data during off-peak hours. In subsequent backups, Security Center backs up only files that are newly added, modified, or deleted. This reduces server resource consumption and prevents excessive consumption of the anti-ransomware capacity.
- Security Center starts a specific number of data backup tasks based on the versions
of anti-ransomware policies and the directories that you want to back up.
Directory to back up V1.0 anti-ransomware policy V2.0 anti-ransomware policy All directories - For a Linux server, Security Center generates only one data backup task.
- For a Windows server, Security Center generates one data backup task for each data
disk. If your Windows server has two data disks, Security Center generates two data
backup tasks. The two tasks start at the same time. Compared with a Linux server,
the Windows server consumes more CPU and memory resources during backup.
Important We recommend that you schedule the data backup tasks based on the CPU utilization and memory usage of your Windows server.
For a server, Security Center generates only one data backup task. For multiple servers, Security Center generates multiple data backup tasks and starts the tasks in sequence. This consumes less CPU and memory resources and does not affect your services. Specific directories Security Center starts one data backup task for each directory that is specified in an anti-ransomware policy. Security Center allows multiple data backup tasks to run at the same time. The tasks may consume a large number of CPU and memory resources. Important We recommend that you specify an appropriate number of directories in the anti-ransomware policy based on your business requirements.
Create an anti-ransomware policy
Before you create an anti-ransomware policy, make sure the operating system version of your server is supported by anti-ransomware for servers. If the operating system version is not supported, the data of your server cannot be backed up. For more information about supported operating system versions, see Operating systems and versions supported by anti-ransomware for servers.
After you create an anti-ransomware policy, we recommend that you monitor the status of the anti-ransomware agent and handle the exceptions on the agent in a timely manner. This ensures that the data backup tasks and restoration tasks run as expected. For more information, see View the status of the anti-ransomware agent.
What to do next
- View the status of the anti-ransomware agent
After the anti-ransomware policy is created, you must check the status of the anti-ransomware agent that is installed on the servers protected by the anti-ransomware policy and make sure that the anti-ransomware agent is in the Client online state. To check the status of the anti-ransomware agent, go to the Server extortion virus protection tab of the Anti-blackmail page, find the anti-ransomware policy, and then click the
icon next to the policy name. In the list of servers that are protected by the anti-ransomware policy, view the agent status in the Status column. Security Center can back up data for the servers only if the anti-ransomware agent is in the Client online state.
If the status of the anti-ransomware agent is Not Installed, failed, or Exception, data backup fails. You must identify the cause of the exception to the anti-ransomware agent and handle the exception.Note If the status of the anti-ransomware agent is Exception, errors may occur during data backup or data restoration. If errors occur during data restoration, data backup tasks are not affected. You can handle the exception as prompted.You can use one of the following methods to handle the exception:- Follow the instructions on the Anti-blackmail page.
- Submit a ticket for consultation and start a live chat for support.
- Manually install the anti-ransomware agent
After the anti-ransomware policy is created, Security Center automatically installs the anti-ransomware agent on your server. If your server is not started or is configured with specific firewall policies, Security Center may fail to install the anti-ransomware agent on the server. If the anti-ransomware agent fails to be installed, you must identify the cause and resolve the issue. Then, install the anti-ransomware agent on the server. For more information about how to manually install the anti-ransomware agent, see Manage servers that are added to an anti-ransomware policy.
- Uninstall the anti-ransomware agent
If the status of the anti-ransomware agent that is installed on the server in the anti-ransomware policy is Exception or failed, you can click Uninstall in the Actions column for the server to uninstall the anti-ransomware agent. Then, reinstall the anti-ransomware agent on the server.Note If you uninstall the anti-ransomware agent within the period specified by the Backup data retention period parameter, Security Center does not delete the data that the anti-ransomware agent backs up. If you uninstall the anti-ransomware agent in the time that is not within the period specified by the Backup data retention period parameter, Security Center deletes the backup data of the server.
- Delete the anti-ransomware agent
If a server no longer requires the anti-ransomware policy, you can delete the anti-ransomware agent from the server. If you delete the anti-ransomware agent from the server, the server is deleted from the list of servers that use the anti-ransomware policy, and the backup data of the server is deleted. After the backup data on the server is deleted, Security Center releases the anti-ransomware capacity. The anti-ransomware capacity is updated within 24 to 72 hours after the release. We recommend that you do not run out of the anti-ransomware capacity. If the anti-ransomware capacity is used up, data backup tasks stop, and a full backup is performed. This significantly increases the resource usage of the server.Important If the anti-ransomware agent is deleted from your server, the backup data on your server is also deleted. Deleted backup data cannot be recovered. Proceed with caution.