Back up and restore the Advanced Threat Defense database

As a precaution, you can periodically back up the Advanced Threat Defense database. You can then restore a backup of your choice when required. For example, if you want to discard all changes made during a troubleshooting exercise, you can restore the backup that was taken before you started troubleshooting.

You can schedule automatic backups to a designated FTP or SFTP server on a daily, weekly, or monthly basis.

When you want to restore a backup, Advanced Threat Defense collects the selected backup file from the FTP or SFTP server and overwrites its database with the contents of the backup file.

Back up data
Data
Data included in backup
  • Local blacklist
  • Global Whitelist
  • VM profiles
    Note: The analyzer VM image or VMDK files are not included in the backup. Before you restore a backup, make sure the image files specified in the backed-up VM profiles are located in Advanced Threat Defense.
  • Analyzer profiles
  • User information
  • McAfee ePO integration details
  • Proxy settings
  • DNS settings
  • Syslog settings
  • SNMP settings
  • Date and time settings including the NTP server details
  • Load-balancing cluster settings
    Note: This does not include the configuration and analysis results from the other nodes in the cluster.
  • Custom YARA rules and configuration
  • Backup scheduler settings
  • File backup details
Data not included in backup
  • Any sample file or URL that is being analyzed at the time of backup
    Note: The Analysis Status page shows only the file that is currently being analyzed.
  • The VMDK or image files of analyzer VMs
  • The Advanced Threat Defense software in the active or backup disk
  • The log files and diagnostic files
  • Advanced Threat Defense Appliance network information