Sangfor HCI and aSV provide a unified infrastructure combining compute, storage, networking, and built-in security to simplify deployment, operations, and services.
Sangfor aSecurity provides a guided ransomware recovery process, which can quickly and safely restore production or services without needing expert intervention.
Sangfor aSecurity uses the linked clone method for service verification; a linked clone can be created in seconds and requires no additional storage space. The clone environment is completely isolated, so the virus cannot spread during recovery.
After the recovery point is determined and the recovery is performed, the entire process is strictly isolated from the encrypted assets and from all other assets. The isolation is released only after the recovery is completed and the virtual machine is confirmed to be free of the virus.
Prerequisites
None.
Precautions
There is a time difference between the snapshot data used for ransomware recovery and the current data, so rolling back to the snapshot will cause data loss for that interval. In a production scenario, evaluate the impact of the ransomware against the impact of that data loss before deciding whether to roll back to the snapshot.
Steps
On the VM Security page, select the target VM and click Ransomware Recovery.
First, quarantine the virtual machine to prevent the ransomware from spreading to other virtual machines. Click the Quarantine button. After the quarantine is completed, click Next.
Before proceeding to ransomware recovery, click the Create Snapshot button to create a snapshot of the virtual machine in its current state. After the ransomware recovery is completed, you can use this snapshot to retrieve the encrypted data if needed.
After the snapshot is created, click Next to recover the virtual machine. This phase lists all snapshots of the virtual machine. When the platform detects that the virtual machine's security agent is abnormal or that ransomware is suspected, it automatically creates a snapshot named SuspectRansomewareSnapshotXXX. Click the Preview button, and the platform creates a new linked clone virtual machine from the selected snapshot. After the clone is completed, click the Console button to enter the clone and check whether its data is encrypted. If the data is not encrypted, click Start Recovery and enter the admin password to begin the recovery; if it is encrypted, preview an earlier snapshot instead.
After you click the OK button, the platform automatically deletes all linked clone virtual machines created during the previous previews and restores the selected virtual machine snapshot.
After the virtual machine has been restored from the snapshot, click Next to enter the Scan for Viruses page. It is recommended to perform a full scan of the recovered virtual machine again, because the chosen snapshot may predate detection but not the initial infection. Any security event detected can be dealt with immediately.
For the scanned security events, you can click the Fix, Trust, or Ignore buttons above to handle the security events. After all security events have been addressed, click Next to enter Recover Network.
Before recovering the network, check and confirm that the security status of the other connected virtual machines is acceptable, even though the current virtual machine's data has been restored; this avoids a secondary infection from a still-compromised neighbour. Then click the Recover Network button. After the network is recovered, the virtual machine is released from quarantine.
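The steps above enforce an order: quarantine before anything else, a pre-recovery snapshot before any restore, preview clones removed before the rollback, and no network recovery while security events remain open. The following Python model is an added illustration, not Sangfor code and not an API of the platform; the class, method and snapshot names are assumptions, and the snapshot list and event names are constructed. It also applies the precaution above by listing only snapshots taken before the detection time and reporting the data-loss window a rollback would cause. The automatic snapshot prefix SuspectRansomewareSnapshot is the one the guide names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Prefix of the snapshot the platform creates automatically on a ransomware suspicion.
SUSPECT_PREFIX = "SuspectRansomewareSnapshot"


@dataclass(frozen=True)
class Snapshot:
    name: str
    created: datetime


def candidate_recovery_points(snapshots: List[Snapshot], detected_at: datetime) -> List[Snapshot]:
    """Snapshots taken strictly before detection, newest first.

    The automatic suspect snapshot is taken at detection time, when files may already be
    encrypted, so it is excluded. Every candidate still has to be verified in a preview clone."""
    return sorted((s for s in snapshots if s.created < detected_at),
                  key=lambda s: s.created, reverse=True)


def data_loss_window(snapshot: Snapshot, now: datetime) -> timedelta:
    """Span of production data lost by rolling back to `snapshot` (the precaution above)."""
    return now - snapshot.created


class WorkflowError(RuntimeError):
    """A step was attempted out of the guided order."""


class RansomwareRecovery:
    """State of one VM through quarantine -> snapshot -> preview/recover -> scan -> network."""

    def __init__(self, vm: str) -> None:
        self.vm = vm
        self.quarantined = False
        self.pre_recovery_snapshot: Optional[Snapshot] = None
        self.preview_clones: List[str] = []  # isolated linked clones
        self.restored_from: Optional[Snapshot] = None
        self.scanned = False
        self.open_events: List[str] = []

    def quarantine(self) -> None:
        self.quarantined = True

    def create_snapshot(self, name: str, now: datetime) -> Snapshot:
        if not self.quarantined:
            raise WorkflowError("quarantine the VM before creating the pre-recovery snapshot")
        self.pre_recovery_snapshot = Snapshot(name, now)  # keeps encrypted data retrievable
        return self.pre_recovery_snapshot

    def preview(self, snapshot: Snapshot) -> str:
        if self.pre_recovery_snapshot is None:
            raise WorkflowError("create the pre-recovery snapshot before previewing")
        clone = f"{self.vm}-preview-{snapshot.name}"
        self.preview_clones.append(clone)
        return clone

    def start_recovery(self, snapshot: Snapshot, preview_clean: bool) -> None:
        if not self.preview_clones:
            raise WorkflowError("preview the snapshot in a linked clone first")
        if not preview_clean:
            raise WorkflowError("preview showed encrypted data; pick an earlier snapshot")
        self.preview_clones.clear()  # platform deletes every preview clone before restoring
        self.restored_from = snapshot

    def record_scan(self, events: List[str]) -> None:
        if self.restored_from is None:
            raise WorkflowError("restore the VM before scanning it")
        self.scanned, self.open_events = True, list(events)

    def handle_event(self, event: str, action: str) -> None:
        if action not in ("Fix", "Trust", "Ignore"):
            raise WorkflowError(f"unknown action {action!r}")
        self.open_events.remove(event)

    def recover_network(self, neighbours_confirmed_secure: bool) -> bool:
        if not self.scanned or self.open_events:
            raise WorkflowError("handle every security event before recovering the network")
        if not neighbours_confirmed_secure:
            raise WorkflowError("confirm connected VMs are secure before reconnecting")
        self.quarantined = False
        return True


def run_example() -> Dict[str, object]:
    """Walk one constructed VM through the flow; all timestamps and names are made up."""
    detected = datetime(2024, 1, 10, 14, 5)
    snaps = [Snapshot("daily-20240109", datetime(2024, 1, 9, 6)),
             Snapshot("daily-20240110", datetime(2024, 1, 10, 6)),
             Snapshot(SUSPECT_PREFIX + "001", detected)]
    candidates = candidate_recovery_points(snaps, detected)
    flow = RansomwareRecovery("app-vm-01")
    flow.quarantine()
    flow.create_snapshot("pre-recovery", detected + timedelta(minutes=10))
    flow.preview(candidates[0])
    flow.start_recovery(candidates[0], preview_clean=True)
    flow.record_scan(["suspicious-binary"])
    try:
        flow.recover_network(neighbours_confirmed_secure=True)
        blocked_with_open_events = False
    except WorkflowError:
        blocked_with_open_events = True
    flow.handle_event("suspicious-binary", "Fix")
    return {"candidates": [s.name for s in candidates],
            "loss_minutes": data_loss_window(candidates[0], detected) // timedelta(minutes=1),
            "clones_after_recovery": len(flow.preview_clones),
            "blocked_with_open_events": blocked_with_open_events,
            "network_recovered": flow.recover_network(neighbours_confirmed_secure=True),
            "still_quarantined": flow.quarantined}
```

In the constructed run, the automatic suspect snapshot is not offered as a recovery point, the newest pre-detection snapshot costs 485 minutes of data, the preview clone is gone once recovery starts, and the network stays disconnected until the one scan finding is handled.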