How Backup Sets are protected by Ransomware Resiliency feature in Backup Exec

Article: 100044378
Last Published: 2020-07-14
Ratings: 5 6
Product(s): Backup Exec


Backup Exec 20.4 has introduced a feature called “Ransomware Resilience”. This feature is useful for providing an extra layer of security to disk storage hosted on a Media Server, by ensuring that only the write requests originating from a trusted source are completed. All other write operations to the folder that hosts the Backup Exec disk storage, originating from a source, which is not trusted are blocked.

The following types of disk storage are protected:

  • Disk Storage hosted on a fixed disk on the Media Server.
  • Deduplication Storage Folder hosted on a fixed disk attached to the Media Server.
  • RDX device attached to the Media Server with limited support.
  • Disk Storage created on a network share hosted on a remote network device with limited support.

This feature is not applicable to other removable devices, such as tape storage.


  • The protection is limited to the folder, where the disk storage is hosted and does not apply to the entire disk.
  • For disk Storage hosted on RDX device, GRT data is written to the root of the volume and hence not protected from write operation. The Non-GRT data is written to a sub-directory on the RDX device and hence protected from being written by unauthorized processes.
  • Disk storage created on a Network share, which is hosted on a network attached storage has limited protection. Protection of such data is the responsibility of the machine hosting the device. Backup Exec allows only write protection that originate from the Media Server hosting the network share as disk storage. If the network share is accessed from another server with Backup Exec not installed, the data is not protected.
  • In CAS environment, if a disk storage hosted on fixed disk attached to Managed Backup Exec server or Central Administration Server is also shared with another Media server, write protection is available against all the writes originating from any server. However, this protection is not available if the disk storage is hosted on a Media Server with Windows 2008 Operating System.



Was this content helpful?