This article explains :Recover Archive content using Version and Archive List displays.
Introduction
SSProtect manages host-based information using encryption, integrity protection, strong access control, and a variety of additional protective facilities such as native workflow integration and continuous protection while data is used in application software.
With the optional use of :Recover, information is securely stored in an isolated Archive (often in the cloud) for restoration at a later time. The process was designed to be minimally intrusive with respect to end-user workflows, with results that are truly seamless except for a change in the way data is sent to and received from KODiAC (Cloud) Services.
Data transfers and storage are governed by a combination of proprietary secure networking primitives, patented cryptographic offloading, and isolation. This tight coupling manifests in several different Conversion facilities, each with different features, as detailed in the article, Operating Modes.
Managed Versionlist
The Managed Files/ Restore context menu selection (from the SSProtect notification icon) displays the set of managed data files associated with your SSProtect Profile, described in the article, Managing Host Data.
From the Hostlist display, choose a managed item then choose Versions... to display the Versionlist:
The Versionlist shows each individual managed instance of the chosen file, with each entry representing a secure access operation carried out by the noted SSProtect User(name). The, "A" column, "Y" indicates that a specific Version can be Restored.
Versionlist - :Recover and Size
In the example above, Version 1 shows a Size=0. This does not reflect the size of the file in host-local storage, rather the size of the Item stored in the :Recover KODiAC Archive. As a result, Version 1 is not available for Restore - as further evidenced by the, "-" in the right-most Archive column.
Details for operations associated with enumerated Versions are available in :Assess File Detail Reports for authorized Users. In general, a User can see details specific to any operation he/ she carried out with his/ her Account, and Privileged Organization Users managing his/ her Account can see the same (and more).
Verisonlist - :Recover Availability
There are many cases when Version-specific content is not available for Restore operation.
First, the, "owner" of a protected item is the Account that created Version 1 in a Version Chain. The owner Account policy dictates the resulting Operating Mode of a Versioned instance. If/ when an Account's configuration changes, subsequent Versions, created by the owner, reflect those changes.
Access by Sharing Peers and Third Party Trusts, on the other hand, do not ordinarily change the Operating Mode of the instance they access, attempting to maintain consistency by the new instances they create. For example, if sharing User isn't using :Recover and if the item he/ she is accessing via :Collaborate Sharing permissions, new Version instances will be maintained in the owner's KODiAC Archive while at the same time impacting :Recover Quota.
In some cases, shared User execution cannot re-encrypt content with required Hybrid or Double Operating Modes. In such cases, SSProtect will fallback to Optimized Offloading. This will result in a Versionlist entry with a size=0. Remember, however, that a 0-size doesn't necessarily mean that is the case.
In our example, above, Version 5 created by the fictitious wayne@staffwrite.com cannot be Restored. Why? Though details can be found in related Reports, this case is driven by the use of Hybrid Conversion and the fact that Wayne is operating as a Third Party Trust. If content was being managed with Double Conversion, Wayne's Versions would be available for Restore.
For more information, refer to the article, Restoring and Replicating.
Versionlist Hash
Notice the example Versionlist shows a different Hash for some of the Versions. This indicates that the file's plaintext content was changed. If however the file was opened and subsequently closed without modification, you see two Versions with the same Hash value - as with Versions 1, 2, and 3.
The Hash can be derived using MD5 or SHA1, which is determined for an Organization in the License and Components Interface. Though all Users can view those settings, only Privileged Accounts can make changes (due to the impact across Organization Accounts).
Managed Archivelist
The set of :Recover KODiAC Archive files (for the calling Account) - the Archivelist - appears in the Managed Files/ Restore display after choosing the Archive... button. For our previous example, content is as follows:
The Archivelist enumerates the latest version of each :Recover-stored file.
Notice, in our example, the familiar staffwrite_candidates.xlsx shows Version 6, not Version 7 as depicted in the Versionlist before. As previously noted, items with Size=0 are not saved in the KODiAC Archive, and as a result this list does not reflect the presence of Version 7. When executing Restore, Version 6 will be the first candidate - and this case, the Restored instance.
Note that, in this case, had we chosen to look at the Archivelist after Wayne created Version 5, we would in fact see Version 5 in the Archivelist. Content is stored in the KODiaC Archive despite that it is not available to the Owner (and as of the time of this writing, also not to Wayne). As such, a Restore operation would then work backward through each subsequent Version until a proper candidate was found.
Restore/ Replicate operation is detailed in the article, Restoring and Replicating.
File Size Details
Astute observers will have noticed that the Size shown in the Archivelist differs than that shown in the Versionlist.
Archivelist values reflect plaintext content Size for the related Version, whereas the Versionlist value represents an interim host-specific ciphertext Size that's useful when conducting Forensic Analysis and reconstructing data to track attacker actions. For details, contact your DefiniSec Representative.
File Date/ Time Values
Date/Time information should match Windows Explorer figures - specifically the Last Modified value in a file's Explorer Properties display - of course with the caveat that Managed Files/ Restore displays enumerate content using UTC/ GMT values to align with :Assess Report data.
Host List Date/Time values may in certain cases be missing, replaced with, "N/A". This indicates that a host-local version could not be found and/ or read, and also that an associated instance could not be identified in the Archive or data history. This can be encountered when a conversion operation is destructively interrupted, for example by removing power (from a desktop or workstation that doesn't have or use a battery).
Finally, if a file's Host List State does not match what's found in local storage, the Date/Time value will include an asterisk. This is a rare error condition that should seldom (if ever) be observed, and as a result warrants further investigation if/ when present.
Archivelist File Hashes
The Versionlist Hash value reflects plaintext computation, as noted above. Note that both plaintext and ciphertext hashes can be found in associated :Assess File Report entries.
The Archivelist only displays Hash data when the associated Filename cannot be decrypted, often the result of a critical failure while accessing managed content. This is seen when the Filename is replaced by the unique File ID, and the Path replaced by the (plaintext) Hash.
Archive List Functions
Controls are nearly the same as those described in the article, Managing Host Data, except as noted in the next section. This holds true for column-based sorting, and as you may notice, Lists are first displayed with most recent items at the top, descending by GMT date/ time associated with the item's last secured write/ close operation.
As expected, you can Filter/ Clear using the controls described for the Hostlist (don't forget the Filter retains its' entry when navigating to other List displays), and you can also choose an item then Open Folder to open File Explorer in the target's native folder. If for some reason the native location has been removed, File Explorer will display the Default Folder.
Static Load, Refresh for Changes
The Managed Files/ Restore Lists are loaded and enumerated when you navigate to the context menu and choose to display content. As you perform operations and move from one List to another, you will find a need to see updated values. Use the Refresh button from any of the three displays to render updated content.
IMPORTANT: Remember that switching from one List view to another does NOT refresh content, for performance reasons - though it may be re-sorted (until these proceedings are further optimized).
Archive and Hostlist Divergence
Hostlist functionality differs from the Archivelist for Clean and Refresh operations, which are described below. Opt Filter is not available from the Archivelist, though Replicate is unique to the Archivelist and not enabled elsewhere. Additional Replicate details are available in the aforementioned articles further detailing :Recover.
Client "Cache"
The Archivelist can be quite long, and Archive Filenames are not stored in plaintext. For this reason, creating the plaintext enumeration can be time-consuming, and for long lists takes more than a few seconds to complete.
For this reason, SSProtect keeps and refers to interim data that maintains state for all known entries, providing quicker secured access to changes (though this is not a true cache). Interim data is updated on the fly, each time application logic or end-user actions refer to Archivelist resources. This allows you to perform Archivelist Refresh operations that return updated information more quickly.
Cleaning the Archive List
Archivelist Clean removes the above-noted interim data then re-acquires all content going back to the very first day your Account was used. This can take some time after a couple years of use, as each entry can take upwards of 4-5s to process, depending on your host computer and dependency details.
Note that you shouldn't have a need to Clean your Archivelist except when troubleshooting issues.
Additional Resources
:Email is fairly complex and specific to integration with Microsoft Outlook. Use Policies to control default behaviors - more information will be available in related articles.
In the meantime, you can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.5.2 of the :Foundation Client