Follow these steps to configure an Elastio policy for EC2 protection.
Contents
- Access the Policies Menu
- Step 1: Name, Schedule, and Activation Settings
- Step 2: Choose Assets to Protect
- Step 3: Recovery Assurance, Recovery, and Scan Settings
- Step 4: Create
Access the Policies Menu
Navigate to the Policies section in the Elastio console.
Step 1: Name, Schedule, and Activation Settings
This screen defines the basic details for your protection policy, including its name, scan schedule, time zone, and activation timing.
Policy Name
Enter a descriptive name for your policy.
Choose a name that makes it easy to identify the purpose or scope of the policy (e.g., Daily EBS Ransomware Scan).
Schedule Frequency
Daily – Runs once every day at the set time.
Weekly – Runs once a week on the selected day and time.
Monthly – Runs once a month on the selected date and time.
Select the frequency that matches your organization’s protection requirements.
Protection Window Start
Sets the time the protection or scan begins based on the selected schedule frequency.
Use the clock icon to adjust the start time.
Time Zone
Defines the time zone for the schedule.
Select the appropriate time zone to ensure scans start at the correct local time.
Activation Settings
Choose when the policy becomes active:
Activate now – The policy takes effect immediately.
Pause until… – Delays activation until the specified date and time.
Step 2: Choose Assets to Protect
In this step, you select the assets that will be protected by the policy you are creating. You can choose from EC2/EBS volumes, S3 buckets, or EFS file systems.
Choose Scope
Dropdown menu – Displays the number of assets currently selected.
-
You can select:
All Assets – Protect every asset of the selected type.
Specific Assets – Choose individual items.
Asset Tags – Filter and select assets based on tags.
Asset Type Selection
EC2/EBS – Protect EC2 instances and associated EBS volumes.
S3 Bucket – Protect Amazon S3 storage.
EFS – Protect Elastic File System volumes.
Select By
Select Option -> All EC2 – Includes all EC2 instances.
All EBS – Includes all EBS volumes.
All Assets – Includes all available resources for the chosen asset type.
Select Option -> Specific Assets – Allows manual selection of resources from the list.
Select Option -> Asset Tags – Select based on AWS asset tags.
Asset Toggle
Select Option -> EC2 – Displays EC2 instances in the list.
EBS – Displays EBS volumes in the list.
Asset List Table
Each row represents an asset, with the following columns:
Resource ID – The unique identifier of the asset.
Account ID – The AWS account where the asset resides.
Last Backup – Date and time of the most recent backup (or "No Backups" if none exist).
Policy – The currently assigned protection policy.
You can select multiple resources using the checkboxes in the Resource ID column.
Tip:
If multiple accounts are displayed, ensure that you select resources from the correct AWS account to avoid unintentional protection gaps.
Step 3: Recovery Assurance, Recovery, and Scan Settings
This step allows you to configure how Elastio detects threats, validates data integrity, and manages recovery points for your EC2 assets.
Recovery Assurance Settings
These settings define how Elastio protects your backups and ensures recovery readiness:
Zero-Day Ransomware Detection
Uses a 3-layered behavioral machine learning model to detect never-before-seen ransomware. Models are continuously updated with the latest ransomware research from our security lab.Encryption Detection
Identifies internal threats by detecting newly encrypted or suspiciously modified files. Uses behavioral analysis to compare file changes between scans, flag encryption activity, and analyze file types for signs of compromise.Malware Signature Scan
Detects known threats including ransomware payloads, Trojans, spyware, adware, and crypto-miners. Signature databases are updated frequently (up to hourly) to ensure maximum protection.File System Verification
Validates that snapshots and backups are application-consistent and recoverable. Flags file systems that may fail to restore usable application data.
EC2 & EBS Settings
These options determine what recovery points are retained and when scans occur:
Recovery Settings
Always keep the latest clean copy of data – Ensures you can always recover from the most recent verified clean backup.
Always keep the latest infected copy of data – Preserves the most recent infected copy for investigation and forensic purposes.
Scan Triggers
Scheduled + On-Creation Scan (optional) – Performs regular scheduled scans and adds an immediate scan when a new EC2 or EBS asset is created.
Tip:
Selecting all detection and verification options provides the most comprehensive protection, combining behavioral and signature-based detection with recovery assurance.
Step 4: Create