You can back up the Symantec Advanced Threat Protection (ATP) data from an all-in-one appliance or management platform appliance to a remote computer. (Network scanners do not store data, therefore they do not require backups.) The backup can then be used to restore the events on the same appliance or on a different, but compatible appliance. For example, when you upgrade to a new ATP appliance, you can back up the old model and restore the events to the new model.
In ATP version 3.1, you cannot restore data from previous ATP versions. You can restore the backups that are made on ATP version 3.1 and later.
As a best practice, you should include backing up ATP as part of your network backup scheme. Another best practice is to back up appliance data before you update an all-in-one appliance or management platform appliance.
You can back up ATP in the following ways:
Schedule backups in ATP Manager in Settings > Global. You specify the backup file location on a remote computer.
Run the CLI backup command from the system console. You can specify a backup file location on a remote computer.
You restore ATP data to an all-in-one appliance or a management platform by running the CLI restore command from the system console.
Event data can be backed up and restored. However, configuration of the appliance is not restored using the restore command. A backup stores most of the configuration data for the management platform in text form. As a best practice, Symantec recommends that you use the --encrypt keyword when using the backup command from the command line to secure your configuration data. You can view the text contents of a backup if you want to re-enter configuration data into ATP Manager.
For example, ATP saves a backup on December 5, 2015 at 13:57:52 hours as:
The product version consists of the major, minor, revision, and build numbers. The hour follows the 24-hour format.
You can rename the backup file without affecting the restore process. Do not attempt to edit the backup file.
When you perform a backup, ATP logs an event in the System Activity Log. The log lists the start and the end time of the backup, the success or failure, the files that are backed up, and additional information.