CAL Defense is an all-in-one cyber protection solution that integrates data protection with cybersecurity. It provides an innovative combination of:

• Proactive protection, such as vulnerability assessment and patch management; predictive analysis of disk health based on machine learning; malware removal from backups; prevention against reoccurring infections.
• Active protection, such as continuous data protection; protection against ransomware and malware; self-protection.
• Reactive protection, such as full-image and file-level backup and recovery; disaster recovery; instant restore of virtual machines; forensic backups.

Key Features:

General information about CAL Defense

With CAL Defense, you can back up and restore Windows and Mac computers, Android smartphones or tablets, as well as iPhones, iPads and iPods. Backups that you can create include the following:

Backups of Windows/macOS Computers:

• Full backups
• Drives
• Volumes
• Folders
• Files
• System states

Mobile Devices:

• Contacts
• Photos
• Videos
• Calendar
• Text messages (Android devices only)
• Reminders (iOS devices only)

A protection plan can be applied to multiple machines at the time of its creation, or later. When you create a plan, the system checks the operating system and the device type (for example, workstation, virtual machine, etc.) and shows only those plan modules that are applicable to your devices.

A protection plan can be created in two ways:

• In the Devices section – when you select the device or devices to be protected and then create a plan for them.
• In the Plans section – when you create a plan and then select the machines to be applied to.

Let's consider the first way.

To create the first protection plan

1. In the Cyber Protect web console, go to Devices > All devices.
2. Select the machines that you want to protect.
3. Click Protect, and then click Create plan.You will see the protection plan with the default settings.

4. [Optional] To modify the protection plan name, click on the pencil icon next to the name.

5. [Optional] To enable or disable a protection plan module, click the switch next to the module name.

6. [Optional] To configure the module parameters, click the corresponding section of the protection plan.

7. When ready, click Create.

The Backup, Antivirus & Antimalware protection, Vulnerability assessment, Patch management, and Data protection map modules can be performed on demand by clicking Run now.

Resolving plan conflicts

A protection plan can be in the following statuses:

• Active – a plan that is assigned to devices and executed on them.
• Inactive – a plan that is assigned to devices but is disabled and not executed on them.

Applying several plans to a device

You can apply several protection plans to a single device. As a result, you will get a combination of different protection plans assigned on a single device. For example, you may apply one plan that has only the Antivirus & Antimalware protection module enabled, and another plan that has only the Backup module enabled. The protection plans can be combined only if they do not have intersecting modules. If the same modules are enabled in more than one protection plan, you must resolve the conflicts between them.

Resolving plan conflicts

Plan conflicts with already applied plans

When you create a new plan on a device or devices with already applied plans that conflict with the new plan, you can resolve a conflict with one of the following ways:

• Create a new plan, apply it, and disable all already applied conflicting plans.
• Create a new plan and disable it.

When you edit a plan on a device or devices with already applied plans that conflict with the changes made, you can resolve a conflict with one of the following ways:

• Save changes to the plan and disable all already applied conflicting plans.
• Save changes to the plan and disable it.

A device plan conflicts with a group plan

If a device is included in a group of devices with an assigned group plan, and you try to assign a new plan to a device, then the system will ask you to resolve the conflict by doing one of the following:

• Remove a device from the group and apply a new plan to the device.
• Apply a new plan to the whole group or edit the current group plan.

License issue

The assigned quota on a device must be appropriate for the protection plan to be performed, updated, or applied. To resolve the license issue, do one of the following:

• Disable the modules that are unsupported by the assigned quota and continue using the protection plan.
• Change the assigned quota manually: go to Devices > <Particular device> > Details > Service quota. Then, revoke the existing quota and assign a new one.

Operations with protection plans

Available actions with a protection plan

You can perform the following actions with a protection plan:

• Rename a plan
• Enable/disable modules and edit each module settings
• Enable/disable a plan
• A disabled plan will not be carried out on the device to which it is applied.
• This action is convenient for administrators who intend to protect the same device with the same plan later. The plan is not revoked from the device and to restore the protection, the administrator must only re-enable the plan.
• Apply a plan to devices or group of devices
• Revoke a plan from a device
• A revoked plan is not applied to a device anymore.
• This action is convenient for administrators who do not need to protect quickly the same device with the same plan again. To restore the protection of a revoked plan, the administrator must know the name of this plan, select it from the list of available plans, and then re-apply it to the desired device.
• Import/export a plan
• You can only import protection plans created in Acronis Cyber Protect 15. Protection plans created in older versions are incompatible with Acronis Cyber Protect 15.
• Delete a plan

To apply an existing protection plan

1. Select the machines that you want to protect.
2. Click Protect. If a protection plan is already applied to the selected machines, click Add plan.
3. The software displays previously created protection plans.
4. Select the protection that you need, and then click Apply.

To edit a protection plan

1. If you want to edit the protection plan for all machines to which it is applied, select one of these machines. Otherwise, select the machines for which you want to edit the protection plan.
2. Click Protect.
3. Select the protection plan that you want to edit.
4. Click the ellipsis icon next to the protection plan name, and then click Edit.
5. To modify the plan parameters, click the corresponding section of the protection plan panel.
6. Click Save changes.
7. To change the protection plan for all machines to which it is applied, click Apply the changes to this protection plan. Otherwise, click Create a new protection plan only for the selected devices.

To revoke a protection plan from machines

1. Select the machines that you want to revoke the protection plan from.
2. Click Protect.
3. If several protection plans are applied to the machines, select the protection plan that you want to revoke.
4. Click the ellipsis icon next to the protection plan name, and then click Revoke.

To delete a protection plan

1. Select any machine to which the protection plan that you want to delete is applied.
2. Click Protect.
3. If several protection plans are applied to the machine, select the protection plan that you want to delete.
4. Click the ellipsis icon next to the protection plan name, and then click Delete.
5. As a result, the protection plan is revoked from all of the machines and completely removed from the web interface.

Backup

A protection plan with the Backup module enabled is a set of rules that specify how the given data will be protected on a given machine.

A protection plan can be applied to multiple machines at the time of its creation, or later.

To create the first protection plan with the Backup module enabled

1. Select the machines that you want to back up.
2. Click Protect.
3. The software displays protection plans that are applied to the machine. If the machine does not have any plans already assigned to it, then you will see the default protection plan that can be applied. You can adjust the settings as needed and apply this plan or create a new one.

1. To create a new plan, click Create plan. Enable the Backup module and unroll the settings.
2. [Optional] To modify the protection plan name, click the default name.
3. [Optional] To modify the Backup module parameters, click the corresponding section of the protection plan panel.
4. [Optional] To modify the backup options, click Change next to Backup options.
5. Click Create.

To apply an existing protection plan

1. Select the machines that you want to back up.
2. Click Protect. If a common protection plan is already applied to the selected machines, click Add plan.
3. The software displays previously created protection plans.

1. Select a protection plan to apply.
2. Click Apply.

Selecting files/folders

File-level backup is available for physical machines and virtual machines backed up by an agent installed in the guest system.

A file-level backup is not sufficient for recovery of the operating system. Choose file backup if you plan to protect only certain data (the current project, for example). This will reduce the backup size, thus saving storage space.

The OneDrive root folder is excluded from backup operations by default. If you select to back up specific OneDrive files and folders, they will be backed up. Files that are not available on the device will have invalid contents in the archive.

There are two ways of selecting files: directly on each machine or by using policy rules. Either method allows you to further refine the selection by setting the file filters.

Direct selection

1. In What to back up, select Files/folders.
2. Click Items to back up.
3. In Select items for backup, select Directly.
4. For each of the machines included in the protection plan:
5. Click Select files and folders.
6. Click Local folder or Network folder.
7. The share must be accessible from the selected machine.
8. Browse to the required files/folders or enter the path and click the arrow button. If prompted, specify the user name and password for the shared folder.
9. Backing up a folder with anonymous access is not supported.
10. Select the required files/folders.
11. Click Done.

Using policy rules

1. In What to back up, select Files/folders.
2. Click Items to back up.
3. In Select items for backup, select Using policy rules.
4. Select any of the predefined rules, type your own rules, or combine both.
5. The policy rules will be applied to all of the machines included in the protection plan. If no data meeting at least one of the rules is found on a machine when the backup starts, the backup will fail on that machine.
6. Click Done.

Selection rules for Windows

• Full path to a file or folder, for example D:\Work\Text.doc or C:\Windows.
• Templates:
• [All Files] selects all files on all volumes of the machine.
• [All Profiles Folder] selects the folder where all user profiles are located (typically, C:\Users or C:\Documents and Settings).
• Environment variables:
• %ALLUSERSPROFILE% selects the folder where the common data of all user profiles is located (typically, C:\ProgramData or C:\Documents and Settings\All Users).
• %PROGRAMFILES% selects the Program Files folder (for example, C:\Program Files).
• %WINDIR% selects the folder where Windows is located (for example, C:\Windows).
• You can use other environment variables or a combination of environment variables and text. For example, to select the Java folder in the Program Files folder, type: %PROGRAMFILES%\Java.

Selection rules for Linux

• Full path to a file or directory. For example, to back up file.txt on the volume /dev/hda3 mounted on /home/usr/docs, specify /dev/hda3/file.txt or /home/usr/docs/file.txt.
• /home selects the home directory of the common users.
• /root selects the root user's home directory.
• /usr selects the directory for all user-related programs.
• /etc selects the directory for system configuration files.
• Templates:
• [All Profiles Folder] selects /home. This is the folder where all user profiles are located by default.

Selection rules for macOS

• Full path to a file or directory.
• Templates:
• [All Profiles Folder] selects /Users. This is the folder where all user profiles are located by default.

Examples:

• To back up file.txt on your desktop, specify /Users/<username>/Desktop/file.txt, where <username> is your user name.
• To back up all users' home directories, specify /Users.
• To back up the directory where the applications are installed, specify /Applications.

Selecting system state

System state backup is available for machines running Windows 7 and later.

To back up system state, in What to back up, select System state.

A system state backup is comprised of the following files:

• Task scheduler configuration
• VSS Metadata Store
• Performance counter configuration information
• MSSearch Service
• Background Intelligent Transfer Service (BITS)
• The registry
• Windows Management Instrumentation (WMI)
• Component Services Class registration database

Selecting disks/volumes

A disk-level backup contains a copy of a disk or a volume in a packaged form. You can recover individual disks, volumes, or files from a disk-level backup. A backup of an entire machine is a backup of all its non-removable disks.

The OneDrive root folder is excluded from backup operations by default. If you select to back up specific OneDrive files and folders, they will be backed up. Files that are not available on the device will have invalid contents in the archive.

There are two ways of selecting disks/volumes: directly on each machine or by using policy rules. You can exclude files from a disk backup by setting the file filters.

Direct selection

Direct selection is available only for physical machines. To enable direct selection of disks and volumes on a virtual machine, you must install the Cyber Protection agent in its guest operating system.

1. In What to back up, select Disks/volumes.
2. Click Items to back up.
3. In Select items for backup, select Directly.
4. For each of the machines included in the protection plan, select the check boxes next to the disks or volumes to back up.
5. Click Done.

Using policy rules

1. In What to back up, select Disks/volumes.
2. Click Items to back up.
3. In Select items for backup, select Using policy rules.
4. Select any of the predefined rules, type your own rules, or combine both.
5. The policy rules will be applied to all of the machines included in the protection plan. If no data meeting at least one of the rules is found on a machine when the backup starts, the backup will fail on that machine.
6. Click Done.

Rules for Windows, Linux, and macOS

• [All Volumes] selects all volumes on machines running Windows and all mounted volumes on machines running Linux or macOS.

Rules for Windows

• Drive letter (for example C:\) selects the volume with the specified drive letter.
• [Fixed Volumes (physical machines)] selects all volumes of physical machines, other than removable media. Fixed volumes include volumes on SCSI, ATAPI, ATA, SSA, SAS, and SATA devices, and on RAID arrays.
• [BOOT+SYSTEM] selects the boot and system volumes. This combination is the minimal set of data that ensures recovery of the operating system from the backup.
• [BOOT+SYSTEM DISK (physical machines)] selects all volumes of the disk on which the boot and system volumes are located. If the boot and system volumes are not located on the same disk, nothing will be selected. This rule is applicable only to physical machines.
• [Disk 1] selects the first disk of the machine, including all volumes on that disk. To select another disk, type the corresponding number.

Rules for Linux

• /dev/hda1 selects the first volume on the first IDE hard disk.
• /dev/sda1 selects the first volume on the first SCSI hard disk.
• /dev/md1 selects the first software RAID hard disk.

To select other basic volumes, specify /dev/xdyN, where:

• "x" corresponds to the disk type
• "y" corresponds to the disk number (a for the first disk, b for the second disk, and so on)
• "N" is the volume number.

To select a logical volume, specify its path as it appears after running the ls /dev/mapper command under the root account. For example:

[root@localhost ~]# ls /dev/mapper/

control vg_1-lv1 vg_1-lv2

This output shows two logical volumes, lv1 and lv2, that belong to the volume group vg_1. To back up these volumes, enter:

/dev/mapper/vg_1-lv1

/dev/mapper/vg-l-lv2

Rules for macOS

• [Disk 1] Selects the first disk of the machine, including all volumes on that disk. To select another disk, type the corresponding number.

Creating bootable media

Bootable media is a CD, DVD, USB flash drive, or other removable media that enables you to run the agent without the help of an operating system. The main purpose of bootable media is to recover an operating system that cannot start.

We highly recommend that you create and test a bootable media as soon as you start using disk-level backup. Also, it is a good practice to re-create the media after each major update of the protection agent.

You can recover either Windows or Linux by using the same media. To recover macOS, create a separate media on a machine running macOS.

To create bootable media in Windows or Linux

1. Download the bootable media ISO file. To download the file, select a machine, and then click Recover > More ways to recover... > Download ISO image.
2. [Optional] Copy and print, or write down the registration token displayed by the service console.
3. This token allows access to the cloud storage from bootable media without entering a login and password. It is necessary if you do not have a direct login to the cloud, but use third-party authentication instead.
4. Do any of the following:

• Burn a CD/DVD using the ISO file.
• Create a bootable USB flash drive by using the ISO file and one of the free tools available online.
• Use ISO to USB or RUFUS if you need to boot an UEFI machine, Win32DiskImager for a BIOS machine. In Linux, using the dd utility makes sense.
• Connect the ISO file as a CD/DVD drive to the virtual machine that you want to recover.

To create bootable media in macOS:

1. On a machine where Agent for Mac is installed, click Applications > Rescue Media Builder.
2. The software displays the connected removable media. Select the one that you want to make bootable.
3. Warning  All data on the disk will be erased.
4. Click Create.
5. Wait while the software creates the bootable media.

Recovering disks by using bootable media

To recover disks by using bootable media

1. Boot the target machine by using bootable media.
2. [Only when recovering a Mac] If you are recovering APFS-formatted disks/volumes to a non-original machine or to bare metal, re-create the original disk configuration manually:
3. Click Disk Utility.
4. Erase and format the target disk into APFS. For instructions, refer to https://support.apple.com/en-us/HT208496#erasedisk.
5. Re-create the original disk configuration. For instructions, refer to https://support.apple.com/guide/disk-utility/add-erase-or-delete-apfs-volumes-dskua9e6a110/19.0/mac/10.15.
6. Click Disk Utility > Quit Disk Utility.
7. Click Manage this machine locally or click Rescue Bootable Media twice, depending on the media type you are using.
8. If a proxy server is enabled in your network, click Tools > Proxy server, and then specify the proxy server host name/IP address, port, and credentials. Otherwise, skip this step.
9. [Optional] When recovering Windows or Linux, click Tools > Register media in the Cyber Protection service, and then specify the registration token that you obtained when downloading the media. If you do this, you will not need to enter credentials or a registration code to access the cloud storage, as described in step 8.
10. On the welcome screen, click Recover.
11. Click Select data, and then click Browse.
12. Specify the backup location:

• To recover from cloud storage, select Cloud storage. Enter the credentials of the account to which the backed up machine is assigned.
• When recovering Windows or Linux, you have the option to request a registration code and use it instead of the credentials. Click Use registration code > Request the code. The software shows the registration link and the registration code. You can copy them and perform the registration steps on a different machine. The registration code is valid for one hour.
• To recover from a local or a network folder, browse to the folder under Local folders or Network folders.

1. Click OK to confirm your selection.
2. Select the backup from which you want to recover the data. If prompted, type the password for the backup.
3. In Backup contents, select the disks that you want to recover. Click OK to confirm your selection.
4. Under Where to recover, the software automatically maps the selected disks to the target disks.
5. If the mapping is not successful or if you are unsatisfied with the mapping result, you can re-map disks manually.
6. Changing disk layout may affect the operating system bootability. Please use the original machine's disk layout unless you feel fully confident of success.
7. [When recovering Linux] If the backed-up machine had logical volumes (LVM) and you want to reproduce the original LVM structure:
8. Ensure that the number of the target machine disks and each disk capacity are equal to or exceed those of the original machine, and then click Apply RAID/LVM.
9. Review the volume structure, and then click Apply RAID/LVM to create it.
10. [Optional] Click Recovery options to specify additional settings.
11. Click OK to start the recovery.

Recovering files by using bootable media

To recover files by using bootable media

1. Boot the target machine by using the bootable media.
2. Click Manage this machine locally or click Rescue Bootable Media twice, depending on the media type you are using.
3. If a proxy server is enabled in your network, click Tools > Proxy server, and then specify the proxy server host name/IP address, port, and credentials. Otherwise, skip this step.
4. [Optional] When recovering Windows or Linux, click Tools > Register media in the Cyber Protection service, and then specify the registration token that you obtained when downloading the media. If you do this, you will not need to enter credentials or a registration code to access the cloud storage, as described in step 7.
5. On the welcome screen, click Recover.
6. Click Select data, and then click Browse.
7. Specify the backup location:

• To recover from cloud storage, select Cloud storage. Enter the credentials of the account to which the backed up machine is assigned.
• When recovering Windows or Linux, you have the option to request a registration code and use it instead of the credentials. Click Use registration code > Request the code. The software shows the registration link and the registration code. You can copy them and perform the registration steps on a different machine. The registration code is valid for one hour.
• To recover from a local or a network folder, browse to the folder under Local folders or Network folders.

1. Click OK to confirm your selection.
2. Select the backup from which you want to recover the data. If prompted, type the password for the backup.
3. In Backup contents, select Folders/files.
4. Select the data that you want to recover. Click OK to confirm your selection.
5. Under Where to recover, specify a folder. Optionally, you can prohibit overwriting of newer versions of files or exclude some files from recovery.
6. [Optional] Click Recovery options to specify additional settings.
7. Click OK to start the recovery.

Safe recovery

A backed-up OS image can have malware that can reinfect a machine after recovery.

The safe recovery functionality allows you to prevent recurrence of infections by using the integrated antimalware scanning and malware deletion during the recovery process.

Limitations:

• Safe recovery is supported only for physical or virtual Windows machines with Agent for Windows installed inside the machine.
• The supported backup types are "Entire machine" or "Disks/volumes" backups.
• Safe recovery is supported only for the volumes with NTFS file system. Non-NTFS partitions will be recovered without anti-malware scanning.
• Safe recovery is not supported for CDP backups. The machine will be recovered based on the last regular backup without the data in the CDP backup. To recover the CDP data, start a Files/folders recovery.

How it works

If you enable the Safe recovery option during the recovery process, then the system will perform the following:

1. Scan the image backup for malware and mark the infected files. One of the following statuses is assigned to a backup:

• No malware – no malware was found in a backup during scanning.
• Malware detected – malware was found in a backup during scanning.
• Not scanned – backup was not scanned for malware.

• Recover the backup to the selected machine.
• Delete the detected malware.
• You can filter backups by using the Status parameter.

Creating bootable media

Bootable media is a CD, DVD, USB flash drive, or other removable media that enables you to run the agent without the help of an operating system. The main purpose of bootable media is to recover an operating system that cannot start.

We highly recommend that you create and test a bootable media as soon as you start using disk-level backup. Also, it is a good practice to re-create the media after each major update of the protection agent.

You can recover either Windows or Linux by using the same media. To recover macOS, create a separate media on a machine running macOS.

To create bootable media in Windows or Linux

1. Download the bootable media ISO file. To download the file, click the account icon in the top-right corner > Downloads > Bootable media.
2. Do any of the following:

• Burn a CD/DVD using the ISO file.
• Create a bootable USB flash drive by using the ISO file and one of the free tools available online.
• Use ISO to USB or RUFUS if you need to boot an UEFI machine, Win32DiskImager for a BIOS machine. In Linux, using the dd utility makes sense.
• Connect the ISO file as a CD/DVD drive to the virtual machine that you want to recover.

Alternatively, you can create bootable media by using Bootable Media Builder.

To create bootable media in macOS

1. On a machine where Agent for Mac is installed, click Applications > Rescue Media Builder.
2. The software displays the connected removable media. Select the one that you want to make bootable.
3. All data on the disk will be erased.
4. Click Create.
5. Wait while the software creates the bootable media.

Remote access (RDP and HTML5 clients)

Cyber Protect provides you with remote access capability. You can remotely connect and manage your user machines right from the web console. This allows you to easily assist to your users in resolving issues on their machines.

Prerequisites:

• A protection agent is installed on the remote machine and is registered on the management server.
• The machine has an appropriate Cyber Protect license assigned.
• The Remote Desktop Connection сlient is installed on the machine from which the connection is initialized.
• The machine from which the RDP connection is initialized must be able to access the management server by the its host name. The DNS settings must be configured properly or the management server host name must be put in the hosts file.

A remote connection can be established from both Windows and macOS machines.

The remote access functionality can be used for connections to Windows machines with the Windows Remote Desktop feature available. That is why a remote access is not possible, for example, to a Windows 10 Home or macOS systems.

To establish a connection from a macOS machine to a remote machine, ensure that the following applications are installed on the macOS machine:

• The Remote Desktop Connection сlient
• The Microsoft Remote Desktop application

How it works

When you try to connect to a remote machine, the system first checks whether this machine has a Cyber Protect license. Then, the system checks whether the connection via the HTML5 or RDP client is possible. You initiate a connection via the RDP or HTML5 client. The system establishes a tunnel to the remote machine and checks whether the remote desktop connections are enabled on the remote machine. Then, you enter the credentials and, after their validation, you can access the remote machine.

How to connect to a remote machine

To connect to a remote machine, do the following:

1. In the Cyber Protect web console, go to Devices > All devices.
2. Click on the machine to which you want to connect remotely and then click Cyber Protection Desktop > Connect via RDP client or Connect via HTML5 client.
3. Connection via HTML5 client is only available if the management server is installed on a Linux machine.
4. [Optional, only for connection via RDP client] Download and install the Remote Desktop Connection client. Initiate the connection to the remote machine.
5. Specify the login and password to access the remote machine, and then click Connect.

As a result, you are connected to the remote machine and can manage it.

Sharing a remote connection

Employees who are working from home may need access to their office computers, but it is possible that your organization may not have a configured VPN or other tools for remote connection. Cyber Protect provides you with the capability to share an RDP link with your users, thus providing them with remote access to their machines.

To enable the sharing remote connection functionality

1. In the Cyber Protect web console, go to Settings > Protection > Remote connection.
2. Select the check box Share remote desktop connection.

As a result, when you select a device in Cyber Protect web console, a new option Share remote connection will appear.

To share a remote connection with your users

1. In the Cyber Protect web console, go to Devices > All devices.
2. Select the device to which you want provide a remote connection.
3. Click Share remote connection.
4. Click Get link. In the opened window, copy the generated link. This link can be shared with a user who needs a remote access to the device. The link is valid for 10 hours.

After getting the link, you can share it via email or other means of communication. The user with whom the link was shared, must click it and then select the connection type:

• Connect via RDP client.
• This connection will prompt for downloading and installing the Remote Connection client.
• Connect via HTML5 client.
• This connection does not require installation of any RDP client on the user machine. The user will be redirected to a login screen and must enter the credentials for accessing the machine.

Remote wipe

Remote wipe allows a Cyber Protect service administrator and a machine owner to delete the data on a managed machine – for example, if it gets lost or stolen. Thus, any unauthorized access to sensitive information will be prevented.

Remote wipe is only available for machines running Windows 10. To receive the wipe command, the machine must be turned on and connected to the Internet.

To wipe data from a machine

1. In the Cyber Protect web console, go to Devices > All devices.
2. Select the machine whose data you want to wipe.
3. You can wipe data from one machine at a time.
4. Click Details, and then click Wipe data.
5. If the machine that you selected is offline, the Wipe data option is inaccessible.
6. Confirm your choice.
7. Enter the credentials of this machine's local administrator, and then click Wipe data.
8. You can check the details about the wiping process and who started it in Dashboard > Activities.