Our environment was infected by a sleeper virus that just went active, but it's been on several machines in our network for months. I looked in our Avamar 7.2 backups and found the virus files stored there in multiple places. Is there a way to remove just those files from the backups, or block them so they can never be restored? I'd prefer something simple, but if the only way is complex, I'm willing to consider that as well.
Waide R. Yokom
It's not possible to alter the original backups. The way Avamar stores data means that removing individual files from a backup isn't possible because it would damage the referential integrity of the backup, leading to hfscheck errors.
I see two viable options if you really, really want to get rid of the affected files.
1. You could delete the original backups. This would prevent the files from being restored but it also means you would lose the rest of the backup content.
2. You could get in touch with your account team about setting up ADMe to restore the affected backups to a staging server, remove the affected files, write the backups back to the system, and delete the originals. There are some caveats with this process (e.g. the backups would be associated with a staging server instead of the original client system; it may take significant time to process the backups since they have to be restored in full, then backed up again) but it would allow you to retain the unaffected data while still purging the affected files. There may be some other caveats. Adam Kirkpatrick?