Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Code42 cloud environments.

Code42 Support

Recommended Code42 console settings

Overview

This article lists settings in the Code42 console that we recommend to optimize operation of your Code42 cloud environment. It lists only the highest-value settings rather than all settings in the Code42 console.

Let Code42 implement the recommended Code42 console settings
Rather than managing these settings yourself, consider having Code42 set them for you. Click here to request that Professional Services update your Code42 environment settings to our recommended defaults. 

Considerations

  • You must have the Customer Cloud Admin role to apply these settings.
  • The recommended settings in this article reside at the organizational level. To apply the settings to a child organization only, ensure that you first disable inheritance from the parent organization. For example:
    • To disable inheritance of all device backup defaults, on the Device Backup Default Settings General tab, deselect Use device defaults from parent.
    • To disable inheritance of security settings for an organization, on the Organization Settings Security tab, deselect Inherit security settings from parent

Recommended settings

Feature Setting Push or Lock? Location in the Code42 console Benefit
General:
When user is away, use up to __ % CPU
30 Lock General tab of Device Backup Default Settings Allows adequate CPU allocation for Code42 operations, including the the initial metadata file collection scan, without taking too many CPU resources away from other applications.

General:
When user is present, use up to __ % CPU


20
Global Exclusions Set to our recommended global exclusions Lock General tab of Device Backup Default Settings

Excludes non-user files from collection in backup archives, such as operating system and application files. Using our recommended global exclusions results in shorter CPU processing times and less bandwidth usage. These exclusions apply to backing up files only. Security monitoring of these files still continues. 

 

Setting Global Exclusions excludes the files from backup no matter where the files are being backed up to, whether to local storage (for example, an external drive) or to Code42 cloud storage. Files selected with this setting are also removed from all archives.

 

We recommend locking this setting to prevent users from using the Code42 app to override the global file exclusions.

Cloud Exclusions None Lock General tab of Device Backup Default Settings Prevents files from being backed up only to local storage. As a result, backup and restore file selections more closely match archive size in the cloud. 
General:
Preferred time for verification scan

7 days at 12:00

 

Lock Backup tab of Device Backup Default Settings

Runs a file verification scan at noon every seven days to check endpoints for file changes and deleted files within backup selections. Setting the scan at noon increases the chance that the endpoints are powered on and awake.

 

If the scan is run during off-business hours when endpoints are typically powered off or asleep, the scan cannot run until the next time the endpoint is powered on and awake, tying up endpoint resources just when users are starting them up for their work day.

 

We recommend locking this setting to prevent other administrators from changing it. (Users can still manually scan for file changes from the Code42 app.) 

File selection: Included files :allusers Lock Backup tab of Device Backup Default Settings

Backs up all files in all users' home folders through use of the :allusers substitution variable. Backups include the parent Users folder:

  • Windows: C:\Users\ 
  • Mac /Users/ 
  • Linux: /home/ 

We recommend locking this setting to prevent users from removing folders or files from backup file selection in the Code42 app.

Pausing Controls:
Allow pausing of:

  • Backup
  • Legal Hold Backup
Unselected Lock Backup tab of Device Backup Default Settings

Removes all pause controls from the Code42 app, thereby preventing users from pausing backups of files, including files under legal hold. Preventing pausing of backups ensures more complete sets of backed up files, because every time a backup is paused, it can result in some files being missed in the backup process.

 

We recommend locking the setting to prevent other administrators from changing it.

Frequency and versions:
Remove deleted files
90 days Lock Backup tab of Device Backup Default Settings Removes deleted files from backup archives after 90 days. 
Sending Limits:
Limit sending rate when away to
5 Mbps Push Network tab of Device Backup Default Settings

Allows adequate network bandwidth for Code42 operations without taking too much bandwidth away from other processes. Using the setting of None is not recommended because it can result in Code42 operations sometimes inordinately slowing network speeds for other processes.

 

We recommend pushing the setting rather than locking to allow administrators of child organizations to adjust the setting as needed for their organizations.

Sending Limits:
Limit sending rate when present to
5 Mbps
Auto:
Require account password to access Code42 app
Selected Lock Security tab of Device Backup Default Settings  Requires that the user enter the correct password to open the Code42 app. This setting helps protect backed-up files from being accessed or deleted by an unauthorized user.
Archive Key Encryption Key Standard Lock Security tab of Device Backup Default Settings 

Allows users or administrators to restore files from archives without providing an additional password. We strongly recommend the Standard setting. 

 

We also recommend locking the setting to prevent users from setting archive key passwords in the Code42 app. If users set archive key passwords, administrators can be locked out of user backup archives if the administrators cannot provide the passwords that users set.

Web Restores Disabled Lock Security tab of Organization Settings

Prevents administrators in the organization from performing zip file web restores, thereby keeping archive data from being decrypted on the Code42 server system. This secures user data from access on the server by administrators. Use this setting if your organization adheres to NIST 800-171 compliance

 

We recommend locking the setting to prevent other administrators from changing it.

Client Visibility Hidden Lock Security tab of Organization Settings Removes most user-facing indications of Code42's presence from endpoints. 

Recommended global exclusions

We recommend excluding operating system files, application files, and the like from being backed up, since users don't directly interact with these files and they can be restored by reinstalling the operating system or application. 

We recommend setting Global Exclusions to exclude the following files.

All platforms

(?i)^.*(\.class|-journal|\.Win386\.SWP|PM_HIBER\.BIN|SAVE2DSK\.BIN|SYSTEM\.DAT|TOSHIBER\.DAT|Thumbs\.db|USER\.DAT|\.bck|\.bkf|\.cdt|\.hdd|\.hds|\.icloud|\.ini|\.lrprev|\.manifest|\.mum|\.nib|\.nvram|\.ost|\.part|\.pvm|\.pvs|\.rbf|\.tib|\.tmp|\.upd|\.vdi|\.vfd|\.vhd|\.vhdx|\.vmc|\.vmdk|\.vmem|\.vmsd|\.vmsn|\.vmss|\.vmtm|\.vmwarevm|\.vmx|\.vmxf|\.vsv|\.vud|\.xva|memory\.dmp|/Lightroom.*Previews\.lrdata|\.sparsebundle|\.sparseimage|/(cookies|permissions)\.sqlite(-.{3})?)$
(?i)^.*(/Apple.*/Installer Cache/|/Cache/|/Cookies/|/Music/Subscription/|/Plex Media Server/|/Steam/|/Temp/|/\.dropbox\.cache/|/\.git/|/iPod Photo Cache/|/node_modules/|/tmp/|/tsm_images/|\.Trash|\.hdd/|\.pvm/|\.cprestoretmp|\.nvm|\.npm|\.gradle).*

Windows

win:(?i)^.*(/I386|/System Volume Information/|/Temporary Internet Files/|/Windows Update Setup Files/|\$RECYCLE\.BIN/|/NTUSER|/Safari/Library/Caches/|/Windows Defender/|/cygwin(64)?/(bin|dev|etc|lib|sbin|tmp|var|usr)/|UsrClass\.dat).*
win:^.*(/Local Settings/Temp|/Local.*/History/|/LocalService/|/MSOCache|/NetHood/|/NetworkService/).*
win:(?i)^.*(/pagefile\.sys|\.etl|\.mui)$
win:(?i)^.:/(Recovery/|boot/|ESD/|Recycler/|Dell/|Intel/|Oracle/|PerfLogs/|Program Files( \(x86\))?/|ProgramData/|Users/All Users/|Users/[^/]+/AppData/|Windows(\.old)?/|\$WINDOWS.~(BT|WS)/|_RESTORE/|_SMSTaskSequence/|safeboot/|swsetup/).*
win:(?i)^.:/(Config\.Msi|HIBERFIL\.SYS|HIBRN8\.DAT|autoexec\.bat|boot\.ini|bootmgr|bootnxt|bootsect\.bak|config\.sys|io\.sys|msdos\.sys|ntdetect\.com|ntldr|swapfile\.sys)$​

Mac

mac:^/Library/.*\\.(db|dat|dat.*|log|itdb.*|ldb|sqlite|tmp|store|crash|lock|ics|trn|temp|sbstore|.*-wal|.*-shm|.*-index|~tmp|.*-lock|.*-new)$
mac:(?!)^.*(/iTunes/Album Artwork/Cache/|/Network Trash Folder/|/Photos Library.*/Thumbnails/|/backups.backupdb/|/iP.* Software Updates/|/iPhoto Library.*/Thumbnails/|/iPhoto Library/iPod Photo Cache|/migratedphotolibrary/Thumbnails/|\.imovielibrary/.*/Analysis Files/|\.imovielibrary/.*/Render Files/).*
mac:^.*(/Trash/|/\.fcpcache/|MobileBackups/|\.Spotlight-.*/|\.fseventsd|\.hotfiles\.btree|/bin/|/home/|/sbin/|/cores/|/private/|/var/).*
mac:(?!)^.*(\.imovielibrary/\.lock)$
mac:^.*(\.DS_Store|\.plist|\.strings)$
mac:(?!)^/(usr/|opt/|etc/|var/|Users/((?!XCode).)*/Applications/|Users/Shared/|dev/|Library/(?!($|Application Support/$|Application Support/CrashPlan/$|Application Support/CrashPlan/print_job_data/.*))|proc/|/Library/InstallerSandboxes//Users/.*/Library/Application Support/Google/DriveFS/|/Applications/.*\.app/Contents/|/Users/.*/.vscode/extensions/).*
mac:^/(Applications/|Desktop DB|Desktop DF|Network/|Previous Systems|System/|Users/.*/\.cisco/vpn/log/|Users/.*/\.dropbox/|Users/[^/]+/Library/|\.DocumentRevisions-V100/|\.PKInstallSandboxManager-SystemSoftware|\.adobeTemp/|\.vol/|afs/|automount/|lost\+found/|net/).*

Linux

linux:(?!)^/(usr/(?!($|local/$|local/crashplan/$|local/crashplan/print_job_data/.*))|opt/|etc/|dev/|home/[^/]+/\.config/google-chrome/|home/[^/]+/\.mozilla/|sbin/).*
linux:^/(cdrom/|dev/fd/|devices/|dvdrom/|initrd/|kernel/|lost\+found/|proc/|run/|selinux/|srv/|sys/|system/|var/(:?run|lock|spool|tmp|cache)/|proc/).*
linux:^/lib/modules/.*/volatile/\.mounted