Anti-ransomware backup caches data in server memory and on disk before uploading it to the cloud. Backing up large numbers of files or very large files — or abnormal client behavior — can push resource usage high enough to trigger alerts or cause backup failures.
This topic covers two scenarios: insufficient disk space and high memory usage (OOM). For each scenario, it explains the cause and the available solutions.
The anti-ransomware feature and Cloud Backup share the same client. Configuration changes to the anti-ransomware client also apply to Cloud Backup. Assess the impact on Cloud Backup before adjusting any settings.
Before you start
Check these items first. Any one of them may resolve the issue without further troubleshooting:
Upgrade to the latest anti-ransomware client. The latest version automatically excludes mounted directories, a common cause of high memory usage.
Check whether the protected directory includes network-mounted paths such as OSS or NAS. If so, remove them. See Exclude network-mounted paths.
Check whether a backup network bandwidth limit is set. No limit means unconstrained throughput, which increases memory and disk usage.
Confirm that the server has enough free disk space. The backup cache requires at least
file_cache_disk_free_space_hint(default: 1 GB) of free space at all times.
Insufficient disk space
Symptoms and cause
The backup cache directory consumes a large amount of disk space, triggering alerts or causing backup failures.
Under normal conditions, the cache is temporary: once backup data uploads to the cloud, the local cache is deleted automatically. Excessive usage occurs when:
The backup set contains a very large number of files or very large individual files.
The client runs abnormally and cached data is not cleaned up.
Modify backup cache settings
Change the cache location and configure cache parameters in the hbr.config file.
Prerequisites
Administrative access to the server.
The anti-ransomware client installation directory. See View client installation directory.
Procedure
If client self-protection is enabled, disable it first:
Log on to the .
In the left navigation pane, choose Assets > Host. In the upper-left corner, select the region where your assets reside: Chinese Mainland or Outside Chinese Mainland.
On the Host Assets page, click View in the Actions column for the target server.
In the Defense Status section, turn off the client self-protection toggle.
Log on to the server with administrative permissions.
Go to the anti-ransomware client installation directory (default:
../client) and create anhbr.configfile if it does not already exist.Add the cache parameters below to
hbr.configand save the file.
No service restart is required — settings take effect immediately. The new settings apply only to new backup tasks; they do not affect tasks already in progress.
Example `hbr.config`
disable_blob_cache = false
max_blob_cache_weight = 0.15
cache_prefix = D:\CacheFolder
max_retain_count = 16
disable_file_cache = false
file_cache_max_size_hint = 32GB
file_cache_disk_free_space_hint = 1GB
file_cache_max_retain_count = 2Parameter reference
| Parameter | Description | Default |
|---|---|---|
disable_blob_cache | Controls data ID caching. false enables caching (reduces network requests and speeds up backup). true disables it. | — |
max_blob_cache_weight | Maximum percentage of total system memory used for data ID caching. Valid range: (0, 1). | 0.15 (15%) |
cache_prefix | Absolute path where cache files are stored. Use this to move the cache off a full or small disk. | — |
max_retain_count | Maximum number of data ID cache entries to retain. | 16 |
disable_file_cache | Controls metadata caching. false enables caching. true disables it. | — |
file_cache_max_size_hint | Maximum disk space for the file cache. If the cache exceeds this limit, the backup fails with an insufficient cache space error. Requires client version 2.13.1 or later. | 32 GB |
file_cache_disk_free_space_hint | Minimum free disk space required for file caching. If free space drops below this value, the backup fails with an insufficient cache space error. Requires client version 2.13.1 or later. | 1 GB |
file_cache_max_retain_count | Number of file cache entries retained per backup path. A value of 2 keeps the two most recent backups, so you can still restore from the previous backup after deleting the latest one. Requires client version 2.13.1 or later. | 2 |
Estimating required disk space
Backing up 10 million files typically requires about 1.5 GB of cache space (actual usage varies by file count, total data size, and full path length). During a backup, one additional cache is created.
Use this formula to estimate total disk space needed:
Required disk space = 1.5 GB × (file_cache_max_retain_count + 1) + file_cache_disk_free_space_hintFor example, with the default values (file_cache_max_retain_count = 2, file_cache_disk_free_space_hint = 1 GB):
1.5 GB × (2 + 1) + 1 GB = 5.5 GBHigh memory usage (OOM)
Symptoms and cause
The backup task status is Failed and the error message shows OOM (out of memory). The hbrclient process consumes large amounts of memory while running and typically terminates after the task ends.
Common causes:
The protected directory includes network-mounted paths (OSS or NAS mounted on an ECS instance), causing frequent data access.
No backup network bandwidth limit is set, leading to excessive throughput.
The server does not have enough memory for the volume of data being backed up.
Solutions
Apply one or more of the following solutions based on your situation.
Exclude network-mounted paths
Do not add network-mounted paths — such as OSS or NAS mounted on an Elastic Compute Service (ECS) instance — to the anti-ransomware protected directory. Frequent access to these paths increases memory usage and incurs extra API call fees.
Instead:
Use Cloud Backup for OSS and NAS data. Cloud Backup has dedicated support for these storage types. For OSS, see Get started with OSS backup. For NAS, see Get started with on-premises NAS backup.
Upgrade the client. The latest anti-ransomware client automatically excludes mounted directories.
Split the protected directory
Split the protected directory in your anti-ransomware policy into multiple subdirectories. Within the same policy, backup tasks run sequentially for each subdirectory — so each task covers less data and uses fewer resources.
For example, split /user/bin into multiple subdirectories. For instructions, see Manage anti-ransomware policies.
Splitting the protected directory does not affect restoration of previously backed-up data. Security Center runs backup tasks for each subdirectory going forward.
Limit backup network bandwidth
Limiting throughput reduces disk, memory, and CPU usage. In the Edit Anti-ransomware Policy panel, set the Maximum Backup Network Bandwidth to a value that fits your environment. For instructions, see Manage anti-ransomware policies.
Setting Maximum Backup Network Bandwidth to 0 removes all limits.
Increase CPU allocation for backup tasks
If the server has enough resources for the backup workload, allocate more CPU cores to backup tasks. More cores improve concurrent processing, shorten backup time, and reduce cumulative memory usage.
Assess current system load thoroughly before increasing CPU allocation. Make sure the system can handle the additional workload.
To set the CPU allocation, add cpu_max_procs to the hbr.config file in the client installation directory (default: ../client). For example, to use 2 cores on an 8-core server:
cpu_max_procs = 2If hbr.config does not exist, create the file and add this line. The setting takes effect when the next backup task starts.
For default installation directories, see View client installation directory.
Upgrade the server's memory
Large backup volumes require more memory. If the server consistently runs out of memory during backups, upgrade its memory configuration.
For hardware requirements, see Resource requirements for backups.
For ECS instances, upgrade the instance type. See Change instance types.
Appendix: View client version and installation directory
View client version
View the anti-ransomware client version on the Protection Configuration > Host Protection > Anti-ransomware page.
View client installation directory
| Client version | Operating system | Default installation directory |
|---|---|---|
| 1.X.X | Windows | C:\Program Files (x86)\Alibaba\Aegis\hbr\client |
| 1.X.X | Linux | /usr/local/aegis/hbr/client |
| 2.X.X | Windows | C:\Program Files (x86)\Alibaba\Aegis\hbrclient\client |
| 2.X.X | Linux | /usr/local/aegis/hbrclient/client |
FAQ
The anti-ransomware backup cache is using too much space on drive C. Can I move the cache to a different location?
Yes. Set the cache_prefix parameter in the hbr.config file to an absolute path on a different drive or disk. See Modify backup cache settings.
My anti-ransomware data protection capacity is insufficient. What should I do?
Insufficient capacity causes backup failures and prevents data restoration. Resolve it by scaling out or releasing capacity.
Scale out capacity
Log on to the Security Center console.
In the left navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. Select the region where your assets reside: Chinese Mainland or Outside Chinese Mainland.
On the Anti-ransomware page, click Used Capacity/Total Capacity, then click Upgrade.
Allocate at least 50 GB of data protection capacity per server.
Release capacity
Remove non-production servers. Remove test or idle servers from your anti-ransomware policies to free up capacity. See Manage servers in anti-ransomware policies.
Reduce protected directories. When creating a policy, select Custom Policy and back up only the directories you need. See Create anti-ransomware policies and install clients.
Delete historical backup data. After confirming you no longer need historical backups, delete them to release capacity. See Delete backed-up data.
Contact us
If the solutions above do not resolve the issue, contact technical support and provide:
Total memory and available memory on the device
Memory used by backup processes during backup
Total number of backup files and total backup data size
Backup client version
Disk I/O and network throughput
CloudMonitor screenshots of CPU and memory usage before and during backup — see Cloud service monitoring