Kaspersky Standard | Plus | Premium

How to manage Backup

If the Kaspersky application detects malicious code in a file while scanning a protected device, the application can block the file, assign the Infected status to it, place a copy in Backup, and attempt to disinfect the file.

Backup keeps copies of files that have been deleted or modified during disinfection. A backup copy is created before disinfecting or deleting the file. Backup copies of files are stored in a special format and do not pose a threat.

If the file is successfully disinfected, the status of the backup copy changes to Disinfected. Sometimes it is not possible to maintain the integrity of files during disinfection. If you partially or completely lose access to important information in a disinfected file after disinfection, you can attempt to restore the file from the disinfected copy to the file's original directory.

We recommend restoring files from backup copies only if they have the Disinfected status. Restoring infected objects may lead to a device infection.

Backup file copies may contain personal data. Root privileges are required to access Backup objects.

You can configure the following Backup settings:

  • Storage time for objects in Backup. Objects are kept for 30 days by default.
  • Maximum Backup size. Backup has an unlimited size by default.
  • Path to Backup. By default, Backup is located in the /var/opt/kaspersky/kfl/common/objects-backup/ directory.

After the specified time has elapsed or when the maximum size of Backup is reached, the application automatically deletes backup copies of files, regardless of their status, from Backup, starting with the earliest copies.

You can delete the backup copy of a restored or unrestored file manually.

You can view the overall list of files placed in Backup by Kaspersky applications on the device in the application interface and on the command line. You can view the properties of backup copies on the protected device, run malware scans in Backup, and delete files from Backup.

In this Help section

How to configure Backup on the command line

How to manage objects in Backup using the command line

How to manage objects in Backup using the application interface


How to configure Backup on the command line

On the command line, you can configure Backup settings using the BackupDaysToLive, BackupSizeLimit and QuarantineBackupFolder settings in the general application settings.

If you need to edit the Backup settings, you can:

  • Modify all Backup settings using the configuration file. To do so:
    1. Output the settings to a configuration file using the command kfl-control --get-app-settings --file <path to configuration file> [--json].

      A configuration file with the current settings is generated.

    2. Make changes to the Backup settings in the generated configuration file by selecting available values.
    3. Save the configuration file.
    4. Run the command kfl-control --set-app-settings --file <path to configuration file> [--json].
  • Edit individual Backup settings using the command kfl-control --set-app-settings <setting name>=<setting value> [<setting name>=<setting value>].

For detailed instructions on viewing and changing general application settings, see the How to manage general application settings on the command line section.
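
The configuration-file procedure above as a script (an added example, not part of the original Help page or vendor code). It assumes that the file exported without --json holds one Key=Value pair per line; the function names, the temporary file name and the sample values are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Assumption: without --json the exported
# settings file holds one Key=Value pair per line.

# Replace Key=... in place, or append the key if it is absent.
set_setting() {  # usage: set_setting <file> <key> <value>
    local file=$1 tmp
    tmp=$(mktemp "${file}.XXXXXX") || return 1   # created with mode 0600
    KEY=$2 VALUE=$3 awk -F= '
        $1 == ENVIRON["KEY"] { print $1 "=" ENVIRON["VALUE"]; done = 1; next }
        { print }
        END { if (!done) print ENVIRON["KEY"] "=" ENVIRON["VALUE"] }
    ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

# Check the values, then write both Backup keys into the exported file.
stage_backup_settings() {  # usage: stage_backup_settings <file> <days> <size limit>
    local file=$1 v
    for v in "$2" "$3"; do
        case $v in ''|*[!0-9]*) echo "not a non-negative integer: '$v'" >&2; return 2;; esac
    done
    set_setting "$file" BackupDaysToLive "$2" &&
    set_setting "$file" BackupSizeLimit "$3"
}

# Steps 1-4 of the procedure above; needs root and an installed kfl-control.
apply_backup_settings() {  # usage: apply_backup_settings <days> <size limit>
    local dir rc
    dir=$(mktemp -d) || return 1                 # private directory, mode 0700
    kfl-control --get-app-settings --file "$dir/app.ini" &&
    stage_backup_settings "$dir/app.ini" "$1" "$2" &&
    kfl-control --set-app-settings --file "$dir/app.ini"
    rc=$?
    rm -rf "$dir"                                # settings copy is not left behind
    return $rc
}

# Run as root: ./backup-settings.sh --apply 14 2048   (constructed sample values)
if [ "${1:-}" = "--apply" ]; then apply_backup_settings "$2" "$3"; fi
```

Invalid values stop the script before kfl-control --set-app-settings is called, so the running configuration is left untouched.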


How to manage objects in Backup using the command line

You can use the Backup management commands on the command line for the following actions on Backup objects:

  • View Backup object details.
  • Delete some or all objects from Backup.
  • Restore objects from Backup.

Restoring infected objects may lead to a device infection.

Viewing Backup object details

To view the details of the objects in Backup, run:

kfl-control -B --query ["<filter conditions>"] [-n <number>] [--json]

where:

  • <filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value>', combined with the logical operator and to narrow the results. If you do not specify any filter conditions, the application will display the details of all objects in Backup.
  • <number>: the number of the most recent objects to display. If you do not specify the -n switch, the last 30 objects will be displayed. Specify 0 to show all objects.
  • --json: output data in JSON format.

The ObjectId line displays the numeric identifier that the application assigned to the object when placing it in Backup. This ID is used to perform actions on the object, such as restoring or removing the object from the Backup storage.

Restoring objects from Backup

To restore an object under its original name to its original location, execute the following command:

kfl-control --restore <object ID>

where <object ID> is the numeric identifier that the application assigned to the object when placing it in Backup.

To restore an object under a new name to a specified directory, execute the following command:

kfl-control --restore <object ID> --file <file path>

where --file <file path> is the new name of the file and the path to the directory you want to save it to. If the specified directory does not exist, the application creates it.

If you do not specify a new file name and a new directory, the file is restored with its original name to the original directory.

Deleting objects from Backup

To remove selected objects from Backup, run:

kfl-control --mass-remove --query "<filter conditions>"

where <filter conditions> is one or several logical expressions in the format <field> <comparison operator> '<value>', combined with the logical operator and to narrow the results.

Examples:

To remove an object with ID=15:

kfl-control -B --mass-remove --query "ObjectId == '15'"

To remove objects that contain "test" in their names or paths:

kfl-control -B --mass-remove --query "FileName like '%test%'"

To remove all objects from Backup, run:

kfl-control -B --mass-remove
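
Because --mass-remove without a filter removes every object, a script that assembles the filter from variables should refuse empty or malformed conditions. The wrapper below is an added example, not part of the original Help page or vendor code. It accepts only the fields (ObjectId, FileName) and operators (==, like) shown on this page; the function names and the KFL_APPLY switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Only the fields and operators that appear
# on this page are accepted; KFL_APPLY is a hypothetical switch of this script.

# One condition in the documented form: <field> <operator> '<value>'
condition() {  # usage: condition <field> <operator> <value>
    case $1 in ObjectId|FileName) ;; *) echo "unsupported field: $1" >&2; return 2;; esac
    case $2 in '=='|like) ;; *) echo "unsupported operator: $2" >&2; return 2;; esac
    # A quote inside the value would end the literal early and alter the filter.
    case $3 in ''|*\'*|*\"*) echo "empty or quoted value rejected" >&2; return 2;; esac
    # A value made only of % (used as a wildcard in the page's example) is too broad.
    case $3 in *[!%]*) ;; *) echo "wildcard-only value rejected" >&2; return 2;; esac
    if [ "$1" = ObjectId ]; then
        case $3 in *[!0-9]*) echo "ObjectId must be numeric" >&2; return 2;; esac
    fi
    printf "%s %s '%s'" "$1" "$2" "$3"
}

# Join conditions with the logical operator "and"; never return an empty filter.
build_filter() {  # usage: build_filter <field> <op> <value> [<field> <op> <value> ...]
    local out='' part
    [ $# -ge 3 ] || { echo "refusing to build an empty filter" >&2; return 2; }
    while [ $# -ge 3 ]; do
        part=$(condition "$1" "$2" "$3") || return 2
        out=${out:+$out and }$part
        shift 3
    done
    [ $# -eq 0 ] || { echo "incomplete condition" >&2; return 2; }
    printf '%s' "$out"
}

# List what the filter matches; delete only when KFL_APPLY=1 is set.
safe_mass_remove() {  # needs root and an installed kfl-control
    local filter
    filter=$(build_filter "$@") || return 2
    kfl-control -B --query "$filter" -n 0 || return 1
    if [ "${KFL_APPLY:-0}" = 1 ]; then
        kfl-control -B --mass-remove --query "$filter"
    fi
}
```

Calling safe_mass_remove FileName like '%test%' first lists the matching objects; rerun it with KFL_APPLY=1 to delete them.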


How to manage objects in Backup using the application interface

You can use the application interface to take the following actions on Backup objects:

  • View information about objects placed in Backup on the device.
  • Restore objects from Backup to their original directories.
  • Remove objects from Backup.

    Deleted objects cannot be restored in the future.

Information about restoring and deleting objects is saved to the event log.

To view objects in Backup:

  1. Open the main application window.
  2. In the lower part of the main application window, click the Backup button.

    This opens the Backup window, displaying a list of objects placed in Backup. The following information is displayed for each object:

    • Object name.
    • Full path to an object.
    • The date when the object was added to Backup.
    • The date when the object was deleted from Backup (this field is displayed if a Backup retention period is set).
    • Object size.

To restore an object from Backup:

  1. Open the main application window.
  2. In the lower part of the main application window, click the Backup button.

    This opens the Backup window, displaying a list of objects placed in Backup.

  3. Select the check box next to the object you want to restore.
  4. Click Restore.

    The application restores the object to its original directory.

    We recommend restoring files from backup copies only if they have the Disinfected status. Restoring infected objects may lead to a device infection.

To delete an object in Backup from your device:

  1. Open the main application window.
  2. In the lower part of the main application window, click the Backup button.

    This opens the Backup window, displaying a list of objects placed in Backup.

  3. Select the check box next to the object you want to delete.
  4. Click the Delete button.

    The application deletes the object from your device.
