Sangfor HCI and aSV provide a unified infrastructure combining compute, storage, networking, and built-in security to simplify deployment, operations, and services.
aSecurity supports fixing security events through a full-stack workflow that covers network isolation, snapshot fallback, and virus fixing.
This feature minimizes the recovery time objective (RTO) and recovery point objective (RPO). Before fixing, files are stored in a separate sandbox. In addition, a snapshot is taken automatically, so that files can be recovered quickly after accidental deletion or a system crash and business services keep running properly.
aSecurity can also block cyber attacks and blacklist source IP addresses to prevent network system crashes, data leakage, and information security threats caused by cyber attacks.
Prerequisites
N/A
Precautions
N/A
Steps
Go to Security Capabilities > Security Events > Viruses. Then, you can select an action on the target virus, which can be Fix, Trust, or Ignore.
Click Fix. In the pop-up dialog box, we recommend that you select Create a snapshot before fixing to preserve the current VM data.
• The virus is fixed after the snapshot is taken successfully. The snapshot suppression time is 1 hour, which means that the earliest snapshot is retained if manual fixing is performed several times on a VM within an hour.
• A consistent group snapshot is taken for the VM if it is in a consistency group.
Click OK. After the fixing is completed, the number of virus events in the security events of the VM becomes 0.
Select View Security Details from the More drop-down list to enter the security event list and view the fixed virus events. If your business becomes abnormal after virus fixing, click Recover.
• Recover File: Recovers the selected file to its original location. This overwrites any existing file with the same name, and the security of the recovered file cannot be guaranteed. By default, a recovered file is marked as trusted. Operate with caution.
• Recover from Snapshot: Recovers the VM from a snapshot. Note: This operation will recover the VM to the time point of the selected snapshot. Ensure that a snapshot or backup has been made for the VM; otherwise, unprotected data will be lost. Perform recovery during off-peak hours, as it will shut down the VM and interrupt your business.
Go to Security Capabilities > Security Events > Brute-Force Attacks and click Block, Trust, or Ignore.
• If you click Block, the attack source IP address is added to the permanent blacklist. Traffic flowing to or from blacklisted IP addresses is always discarded. If your business becomes abnormal after fixing, go to Settings > Blacklist and Whitelist > Permanent Blacklist and allow the blocked IP address, as described in Blacklist and Whitelist.
Go to Security Capabilities > Security Events > Cyber Attacks and click Block or Trust.
• If you click Block, the attack source IP address is added to the permanent blacklist. Traffic flowing to or from blacklisted IP addresses is always discarded. If your business becomes abnormal after fixing, go to Settings > Blacklist and Whitelist > Permanent Blacklist and allow the blocked IP address, as described in Blacklist and Whitelist.