If i have a retention policy of 1.5 years from last back up date (as required by law) with Always keep the last version enabled
and
90 days incremental backups
Every day block level backup
and I set a purge delay of 30 days what happens in the following scenario (no other options selected)
Scenario 1
On Monday i create a new file A(txt file for example) and it's backed up. Then on Tuesday the file is simply edited and changes are saved and it's backed up. Then on Wednesday, the same file is changed(encrypted) and is backed up.
What do i end up with on Thursday assuming no changes after the encryption(think of a ransomware attack) ?
Do i end up having a copy of Tuesday file(marked for purge) and a copy of Wednesday file (the encrypted file) ?
Does the copy of the file before the last back up was run get marked for purging correct ?
How do you access files that are marked for purging ? I usually use cloud berry explorer, will there be two files with the same name in the folder where the original file is?
Is this a good way to protect against ransomware or is there a better way and remain compliant with the retention law ?
Scenario 2
A random file gets created and it's not changed for 10 months and the option purge after 30 days is enabled - I assume in this case purge doesn't apply to this file until a second changed copy of it is backed up, correct ?
Scenario 1:
You did not mention how many versions you are keeping in Retention. Ideally, you are keeping at least 2 versions. But according to your scenario, since Thursday nothing changed, nothing is backed up. Assuming you're keeping all versions, then you have the Monday file (good), the Tuesday file (may be block-level, but regardless, it's good), and Wednesday (probably not block-level since the entire file changed, but regardless, it's not good). You can then restore either Monday or Tuesday.
Since you did not mention versions you are keeping, remember that any files that are backed up using the block-level algorithm would be tied to the original full file backup at the start of your 90 day cycle, so if a file changed every day, you'd end up with 90 versions in storage. If you wanted to keep fewer versions, you would need to run the incremental more frequently than every 90 days (it's only going to back up files that changed that day and for those files that were backed up using block-level, they would be backed up in full - unchanged files are not backed up again after the very first backup).
Also keep in mind that "most" ransomware tools change file extensions, effectively deleting the original file and creating a new one with the same name but an added extension. They may not all work that way, but if that happens all your files would be flagged for deletion and in 30 days (since you have a 30 day purge), the files would be removed from storage. Presumably, you'd know pretty fast that there was an issue and can then restore.
But I would ensure you keep at least 2 versions of files and to avoid excessive storage for larger block-level backed up files, consider changing the Incremental to monthly or weekly, as needed.
Scenario 2:
Not correct. Purging is only related to files that have been deleted. If a file is never deleted, it's never removed from storage using that option. If you want to manage this, then you need to allow for multiple versions to be created as mentioned above.
No, we are not keeping any file versions. This is our custom retention policy
Delete versions older than 1.5 year from back up date - enabled
Always keep the latest version - enabled
Keep number of versions (for each file) disabled
Delay purge (disabled)
Delete files that have been deleted locally (disabled)
Incremental every 90 days, block level every day.
When i go to explore my backups or restore a certain file , I only see one version of a file, you mentioned that the block level would keep 90 versions if the file got changed over that 90 day period. However, i checked a dozen of file, they all have one version.
So if i got this right:
We should decrease the incremental level to 60 days or even 30, what are the benefits of this and pros ?
Purge delay of 30 days is not enough to protect against ransomware attack ? I have been advised by support via email that this is the only option i would need - but I'm confused, as I read on the site here that we should use file versioning and purge delay.
Most of our files that are created/changed are pretty small in size , think less than 30-50mb.
Where did you check to see what file versions are available? Did you do this from the Storage Tab in the product? If not, please check there and also post a screenshot of the Retention settings tab in the wizard. Please check the post after submitting to make sure the image is visible. Thanks. I'll review again.