Kaspersky Embedded Systems Security for Linux
3.4.0
English

Contents

Backup

If Kaspersky Embedded Systems Security detects malicious code in a file while scanning a protected device, the application can block the file, assign the Infected status to it, place a copy in Backup, and attempt to disinfect the file.

Backup keeps copies of files that have been deleted or modified during disinfection. A backup copy is created before disinfecting or deleting the file. Backup copies of files are stored in a special format and do not pose a threat.

Sometimes it is not possible to maintain the integrity of files during disinfection. If after disinfection, you partially or completely lose access to important information in a disinfected file, you can try restoring the file from the backup copy.

Restoring infected objects may lead to a device infection.

Backup file copies may contain personal data. Root privileges are required to access Backup objects.

You can configure the following Backup settings:

  • Storage time for objects in Backup. Objects are kept for 30 days by default.
  • Maximum Backup size. Backup has an unlimited size by default.
  • The path to the directory where the Backup is located. The default path is /var/opt/kaspersky/kess/common/objects-backup/.

When the specified retention period expires, or when the maximum Backup size is reached, the application automatically deletes the oldest backup copies regardless of their status.

You can delete the backup copy of a restored or unrestored file manually.

A general list of files placed in Backup by Kaspersky applications on client devices is generated in Kaspersky Security Center and is available in the Administration Console (AdvancedRepositoriesBackup) and in the Web Console (OperationsRepositoriesBackup). You can view the properties of files in backup storage on protected devices and delete files from it. Kaspersky Security Center does not copy files from Backup to the Administration Server; all files are stored in the Backups on protected devices. File restore takes place on the protected device.

To manage files in Backup in Kaspersky Security Center, you need to enable the transfer of data about files in Backup to the Administration Server.

In this Help section

Configuring Backup settings in the Web Console

Configuring Backup settings in the Administration Console

Configuring Backup settings in the command line

Working with Backup objects in the command line
Page top
[Topic 264158]

Configuring Backup settings in the Web Console

In the Web Console, you can configure Backup in the policy properties (Application settings → General settings → Storage settings).

Backup settings

Setting

Description

Store objects no longer than (days)

The entry field to specify the period for storing objects in the Backup storage.

Available values: 0–10000. If the check box is cleared, the period for storing objects in Backup is unlimited.

Default value: 30.

Limit the size of Backup to (MB)

The entry field to specify the maximum size of the Backup storage (MB).

Available values: 1–999999. If the check box is cleared, the size of Backup is unlimited.

This check box is cleared by default.

Page top

[Topic 265033]

Configuring Backup settings in the Administration Console

In the Administration Console, you can configure Backup in the policy properties (General settings → Storage settings).

Backup settings

Setting

Description

Store objects no longer than (days)

This check box enables or disables the storage period limit (in days) for the objects in the Backup storage.

Available values: 0–10000. If 0 is specified, the period for storing objects in the Backup storage is unlimited.

Default value: 30.

Limit the size of Backup to (MB)

This check box enables or disables the maximum Backup storage size (in megabytes).

Available values: 1–999999. If the check box is cleared, the size of Backup is unlimited.

This check box is cleared by default.

Page top

[Topic 265703]

Configuring Backup settings in the command line

On the command line, you can configure Backup using the BackupDaysToLive, BackupSizeLimit, and BackupFolder settings in the general application settings.

You can edit the setting using command line options or a configuration file that contains all general application settings.

Backup settings

Setting

Description

Value

BackupDaysToLive

Time period for storing objects in the Backup storage (in days). After the specified time has elapsed, the application deletes the oldest backup copies of files.

To remove the object retention limit, set 0.

0–10000

0–unlimited retention.

Default value: 30.

BackupSizeLimit

Maximum Backup size in MB. When the maximum Backup storage size is reached, the application deletes the oldest backup copies of files.

To remove the Backup size limit, set 0.

0–999999

0–unlimited size.

Default value: 0.

BackupFolder

Path to the Backup directory. You can specify a custom Backup storage directory that is different from the default directory. You can use directories on any device as the Backup storage. It is not recommended to assign directories that are located on remote devices, such as those mounted via the Samba and NFS protocols.

If the specified directory does not exist or is unavailable, the application uses the default directory.

Default value: /var/opt/kaspersky/kess/common/objects-backup/

Root privileges are required to access the default Backup storage directory.

Page top

[Topic 264588]

Working with Backup objects in the command line

You can use the Backup management commands in the command line for the following actions on Backup objects:

  • View Backup object details.
  • Delete some or all objects from Backup.
  • Restore objects from Backup.

Restoring infected objects may lead to a device infection.

Viewing Backup object details

To view the details of the objects in Backup, run:

kess-control -B --query ["<filter conditions>"] [-n <number>] [--json]

where:

  • <filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results. If you do not specify any filter conditions, the application will display the details of all objects in Backup.
  • <number>: the number of the most recent objects to display. If you do not specify the -n switch, the last 30 objects will be displayed. Specify 0 to show all objects.
  • --json: output data in JSON format.

The ObjectId line displays the numeric identifier that the application assigned to the object when placing it in Backup. This ID is used to perform actions on the object, such as restoring or removing the object from the Backup storage.

Restoring objects from Backup

To restore an object under its original name to its original location, execute the following command:

kess-control -B --restore <object ID>

where <object ID> is the numeric identifier that the application assigned to the object when placing it in Backup.

To restore an object under a new name to a specified directory, execute the following command:

kess-control -B --restore <object ID> --file <path to file>

where --file < file path> is the new name of the file and the path to the directory you want to save it to. If the specified directory does not exist, the application creates it.

Deleting objects from Backup

To remove selected objects from Backup, run:

kess-control -B --mass-remove --query "<filter conditions>"

where <filter conditions> is one or several logical expressions in the format <field> <comparison operator> '<value>', combined with the help of the logical operator and to limit the results.

Examples:

To remove an object with ID=15:

kess-control -B --mass-remove --query "ObjectId == '15'"

To remove objects that contain "test" in their names or paths:

kess-control -B --mass-remove --query "FileName like '%test%'"

To remove all objects from Backup, run:

kess-control -B --mass-remove

Page top
[Topic 264019]