You can configure a recovery plan for ransomware recovery with integrated vulnerability and security analysis.
In a recovery plan, select the 'Activate ransomware recovery' option to use the plan for ransomware recovery or ransomware recovery tests. Running a plan for a ransomware recovery test is the same as running a ransomware recovery plan, except that a ransomware recovery test has no option to recover VMs to a protected site.
Configuring ransomware for a recovery plan requires choosing from the following options:
- Activate ransomware recovery. Enable ransomware recovery for the plan. When you save the plan, you start being charged for ransomware recovery for all VMs protected by a recovery plan.
- Use integrated analysis. Enable integrated security and vulnerability analysis for VMs in the plan. When you run the plan and start VMs for recovery, VMware Cloud DR installs a security sensor on VMs, which enables ransomware analysis. For Linux VMs, you must install the security sensor manually, and uninstall any existing security sensors from the VM. For more information, see Manually Install Sensors. Integrated analysis does not trigger any additional charges.
- Pause when starting a VM to manually remove production security sensors. Pause when starting VMs during ransomware recovery so you can remove any production sensors or security software, which might interfere with VMware Cloud DR integrated analysis and impact the isolated recovery environment of the recovery SDDC. For more information, see Uninstalling Sensors.
- Do not use integrated analysis. If you want to use your own security tools for ransomware recovery on your recovery SDDC, select this option. When selected, no VMware Cloud DR security sensors are installed when you start VMs during ransomware recovery.