Restore a database backup

If the Advanced Threat Defense Appliance becomes corrupted, restore a specified or previous backup file on any Advanced Threat Defense Appliance.

Before you begin

Verify the following.

  • The version number in the backup file matches the current Advanced Threat Defense version. For example, Advanced Threat Defense is unable to restore a backup from on
  • All users are logged off the Advanced Threat Defense web interface, REST APIs, and CLI.
  • The SFTP or FTP server is successfully configured with Advanced Threat Defense.
  • All sample file and URL analysis is complete.

Note: When you restore a database backup during a backup, the restoration fails.


  1. Log on to the Advanced Threat Defense web interface.
  2. Click ManageMaintenanceRestore & BackupRestore.
  3. Restore the backup file.
    • You can upload a local backup file.
    • You can back up from your SFTP or FTP server.
      • Select Specific backup file, then configure the options.
      • Select Previous backup file, then select the file.
    Note: If the IP address changes on the SFTP or FTP server, update the configuration on the Backup Scheduler Setting page, then complete the restoration. If the SFTP or FTP server changes, your restore to backup on the old server fails. You would only be able to restore from the files on the new server.
  4. Click Restore.
  5. To view the restoration logs, click ManageLogsSyslog.
    The sample analysis processes stop before the restore process and restart when the restoration completes.

What to do next

During restoration, make sure to avoid the following.

  • Sample submissions from integrated products, users, and scripts
  • Advanced Threat Defense software upgrade