Backup scanning policy

Backup scanning policy is a security policy that scans the backups for malware and prevents restoring infected files from backups. For more information on the Backups scanning functionality, see this section of the Acronis Cyber Protection User Guide.

The following examples can be used when creating a protection plan with this protection policy:

  • If scan target is a single archive located on the workload:

    Policy example

     1{
     2    # Put a unique ID of the policy here.
     3    "id": "",
     4    # Backups scanning policy type is 'policy.security.backups_scanning'
     5    'type': 'policy.security.backups_scanning',
     6    'parent_ids': [
     7        # Put the ID of total protection policy here.
     8    ],
     9    'origin': 'upstream',
    10    'enabled': True,
    11    'settings_schema': '2.0',
    12    'settings': {
    13        # A type of target that should be scanned. 'ARCHIVE' means that individual archives will be scanned.
    14        'targets_type': 'ARCHIVE',
    15        # A list of targets to scan. Must be IDs of backups.
    16        'targets': [
    17            # Put IDs of the archives here.
    18        ],
    19        # A type of the scan.
    20        'scan_type': 'LAST',
    21        # Set to true to enable antimalware scanning.
    22        'anti_malware_scan_enabled': True,
    23        # If archive is encrypted by password, an ID of the credentials must be provided here.
    24        'archive_cred_id': '',
    25        # A type of extra settings. 'INTERNAL_SCAN' means that agents of your organization will be used for scanning.
    26        'extra_type': 'INTERNAL_SCAN',
    27        'extra': {
    28            # A list of agent IDs that will scan the backups.
    29            'agent_ids': [
    30                'c5cf050e-bf2c-4866-aac6-bfe60fd94797'
    31            ]
    32        }
    33    }
    34}
    
  • If scan target is a location with archives located on the remote storage:

    Policy example

     1{
     2    # Put a unique ID of the policy here.
     3    "id": "",
     4    # Backups scanning policy type is 'policy.security.backups_scanning'
     5    'type': 'policy.security.backups_scanning',
     6    'parent_ids': [
     7        # Put the ID of total protection policy here.
     8    ],
     9    'origin': 'upstream',
    10    'enabled': True,
    11    'settings_schema': '2.0',
    12    'settings': {
    13        # A type of target that should be scanned. 'LOCATION' means that all archives in specified locations will be scanned.
    14        'targets_type': 'LOCATION',
    15        # A list of targets to scan. Must be IDs of locations.
    16        'targets': [
    17            # Put IDs of the locations here.
    18        ],
    19        # A type of the scan.
    20        'scan_type': 'LAST',
    21        # Set to true to enable antimalware scanning.
    22        'anti_malware_scan_enabled': True,
    23        # If location is encrypted by password, an ID of the credentials must be provided here.
    24        'archive_cred_id': '',
    25        # A type of extra settings. 'EXTERNAL_SCAN' means that external agents will be used for scanning.
    26        'extra_type': 'EXTERNAL_SCAN'
    27    }
    28}