All Products
Search

This Product

    Security Center:Create a restore job

    Document Center

    Security Center:Create a restore job

    Last Updated:Mar 31, 2026

    After a ransomware attack, create a restore job to recover encrypted files from a backup version to a target server. This topic describes how to check recoverable backup data, create a restore job, view job status, and delete backup data.

    Prerequisites

    Before you begin, make sure you have:

    • The Security Center client running on the server. A 客户端在线 icon appears in the Agent column on the Host page when the client is online.

    • An anti-ransomware policy created for the server that has successfully backed up data before the ransomware attack. This means the server has at least one recoverable backup version.

    Check recoverable backup data

    Confirm that the target server has backup data before creating a restore job.

    1. Log on to the Security Center consoleSecurity Center console.Log on to the Security Center console.Log on to the Security Center console.

    2. In the left navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner, select your asset's region: Chinese Mainland or Outside Chinese Mainland.

    3. On the Anti-ransomware for Servers tab, click the number under Recoverable Data Versions above the policy list to open the Recoverable Data Versions panel.

    4. In the search box, select the server region and enter the server name or IP address to find the available backup versions for that server.

      image.png

    Create a restore job

    1. Log on to the Security Center consoleSecurity Center console.

    2. In the left navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner, select the region of your asset: Chinese Mainland or Outside Chinese Mainland.

    3. On the Anti-ransomware for Servers tab, find the server in the anti-ransomware policy list.

      Use the search box above the policy list to find the server by policy name or server name.

    4. Click image to expand the server list. Find the target server and click Restore in the Actions column.

    5. In the Create Restoration Task panel, select the backup version and files to restore, enter the destination folder, and select the target server.

    6. Click OK.

    A Restoration task created. message confirms that the restore job was submitted. The restored data appears on the target server after the job completes.

    View a restore job

    In the Proportion of Used Capacity section, click the number under Restoring/Restoration Records to open the Restoration Task panel. The panel shows the execution status, total number of restored files, and number of failed files for each restore job.

    If a restore job fails, the panel displays the failure reason. If the failure is caused by a missing destination folder, create a new restore job with a valid destination folder.

    image

    Delete backup data

    Important

    • Deleted backup data cannot be restored. Proceed with caution.

    • Storage capacity is released within 24 to 72 hours after deletion.

    • You cannot delete the latest version of recoverable data directly. To delete it, uninstall the Security Center client from the server first, then remove the server from the anti-ransomware policy.

    1. In the Proportion of Used Capacity section, click the number under Recoverable Data Versions to open the Recoverable Data Versions panel.

    2. In the search box, find the target server by region, server name, or IP address.

    3. In the backup version list, find the version to delete and click Delete in the Actions column.

    Deleting the backup data releases the corresponding anti-ransomware storage capacity.

    删除已备份数据