Login

u/CloudBerryBackup

How GFS retention works and why it matters for compliance
▲ 9 r/MSP360

How GFS retention works and why it matters for compliance

GFS (Grandfather-Father-Son) is a retention scheme worth understanding if you're managing backup for clients with documented data retention requirements.

How it works:

  • Daily (Son) – keep one recovery point per day for N days (typically 7)
  • Weekly (Father) – keep one recovery point per week for N weeks (typically 4)
  • Monthly (Grandfather) – keep one recovery point per month for N months (typically 12)
  • Yearly (optional) – keep one per year indefinitely

Each "generation" purges when it ages out of its window. Older recovery points are retained according to the configured daily, weekly, monthly, and yearly tiers.

Why it matters for compliance:

Auditors increasingly ask not just "do you have backups" but "can you document your retention policy". GFS gives you explicit, configurable windows you can put on paper.

MSP360 Backup Pro supports GFS with custom intervals per plan → https://www.msp360.com/backup/cloud-backup/

u/CloudBerryBackup — 1 day ago
▲ 23 r/MSP360+1 crossposts

If you've been seeing backup failures since April 14 and can't figure out why, this is probably it.

What happened

On April 14, 2026, Microsoft shipped KB5083769 as part of Patch Tuesday – a cumulative security update for Windows 11 Pro. The update added certain kernel drivers to Microsoft's vulnerable driver blocklist. This broke backup applications that rely on those drivers to create VSS (Volume Shadow Copy Service) snapshots.

Microsoft has confirmed that the blocklisting was intentional and considers it a security improvement, not a bug. Which is cold comfort when your backups are failing.

What it looks like

  • Backup plans fail with Error 2426: VSS timeout exceeded – meaning VSS couldn't complete a snapshot within the 2-hour window
  • Running vssadmin list writers in an elevated Command Prompt just sits there with "Waiting for responses" and never returns
  • System counters (Available Bytes, Committed Bytes, etc.) stop working
  • Log collection may hang when trying to read those counters

What actually works right now

Option 1: Install update KB5083631 without uninstalling KB5083769 first, then reboot. This has resolved the issue for a number of users.

Option 2: Uninstall KB5083769 entirely, then reboot.

No official out-of-band fix from Microsoft yet.

If you're running MSP360 backups, the full diagnostic guide with step-by-step instructions is here: https://kb.msp360.com/backup/errors/2426-vss-timeout-exceeded

Happy to answer questions if anyone's running into edge cases.

reddit.com
u/AlexanderMSP360 — 7 days ago
▲ 11 r/MSP360

A few updates worth mentioning:

Unauthorized agent removal protection
You can now set a password requirement to uninstall the Windows RMM agent. This helps prevent end-users or malicious actors from removing the RMM agent from managed endpoints.

New alert types
Two additions: 1 – alert when a monitored service or daemon fails to start after a reboot, 2 – per-process CPU and RAM resource thresholds in addition to already existing system-wide alerts. 

Linux: software management + interactive shell
Full software install/update/uninstall for Linux endpoints is now in the console. The interactive shell gives you direct command-line access from the MSP360 interface – no separate SSH session needed.

Pattern-based scheduling
Group Action tasks now support weekday-based scheduling patterns like "the 2nd Thursday of every month", not just "day 14". If your maintenance windows are weekday-specific, this automates manual task scheduling.

Dynamic scoping
Tasks scoped by company or tag now automatically include new endpoints added to that scope. One less thing to update manually when onboarding a new machine.

Happy to answer questions about any of these. Full release details here → https://hubs.ly/Q04fHg1W0

reddit.com
u/CloudBerryBackup — 8 days ago
▲ 11 r/MSP360

Two mechanics worth understanding if you're backing up production Windows servers.

VSS (Volume Shadow Copy Service): A Windows framework that coordinates consistent snapshots of files that are open or locked by running applications. Without it, your backup skips those files or captures them in an inconsistent state. With it, SQL, Exchange, Hyper-V, and other VSS-aware applications expose their data in a crash-consistent or application-consistent state at the moment of backup – no downtime required.

Block-level incremental: After the initial full backup, only the changed blocks within files are transferred on subsequent runs – not the full file. A 50GB database file with 200MB of actual daily changes transfers 200MB on day two, not 50GB again.

MSP360 Backup Pro uses both for supported workloads and configurations. The practical outcome – shorter backup windows, lower storage growth, and recovery points that actually work for production workloads → https://www.msp360.com/backup/

u/CloudBerryBackup — 10 days ago
▲ 8 r/MSP360

With 8.6, we've significantly expanded Object Lock (immutability) support in MSP360 Backup. Here's what changed and how it works.

What Object Lock does

It puts a time-based lock on backup data in storage. While the lock is active, data can be read and restored  but cannot be modified or deleted. The mechanism is WORM (Write Once, Read Many).

This protects against:

  • Ransomware targeting backup storage
  • Accidental deletion (bad policy, human error)
  • Compliance requirements that mandate data retention for a defined period

Two types of Object Lock

Default Object Lock – locks all backup data written to a destination automatically. Configured on the cloud storage provider side. Works for both NBF and CBF plans.

Object Lock for GFS Backups – locks only full backups selected by GFS retention policy. Configured in Managed Backup. NBF only.

You can combine both for layered protection.

What's new in 8.6

Previously Object Lock for GFS was only available for specific plan types. Now it extends to:

  • FFI (Forever Forward Incremental) backups
  • SQL Server backups
  • Legacy Backup Format

New storage destinations: S3-compatible, MinIO, IDrive E2, Azure, Google, MSP360-powered storage (Wasabi and Amazon S3).

A few things to know before enabling

  • Object Lock must be enabled at bucket creation – it can't be added to an existing bucket later
  • Versioning must be enabled (auto-enabled for AWS S3 and Wasabi via MSP360)
  • S3 destinations require GetBucketObjectLockConfiguration permission
  • Azure and Google storage can't be configured for Object Lock through MSP360 Management Console – you need to configure retention on the storage side manually, then specify the retention period in MSP360
  • For Microsoft 365 and Google Workspace backups, Object Lock works together with per-user/per-domain retention policies. If no retention policy is assigned, backups won't be locked even when Object Lock is enabled on the storage
  • Compliance mode means no one can delete data before the retention period expires – including root users. The only way out is terminating the storage account. Plan carefully

Full article with details: https://www.msp360.com/resources/blog/object-lock-for-immutable-backup/ 

Happy to answer questions.

u/CloudBerryBackup — 16 days ago
▲ 6 r/MSP360

If you're managing multiple clients with different storage requirements (compliance, cost, geography), the per-company destination config in MSP360 Managed Backup is one of the more practical features to get right early.

A few patterns that have worked well in practice:

Bucket naming: include client identifier as a prefix (clientname-workstations, clientname-servers) rather than using one flat bucket per client. Makes IAM policy scoping cleaner.

Credentials: separate IAM user per client rather than shared credentials. If a client offboards, you deactivate one user without touching others.

Region selection: match the cloud region to the client's primary data residency requirement upfront – migration after the fact is painful.

Happy to share more on the IAM side if useful. What's your current structure?

reddit.com
u/CloudBerryBackup — 17 days ago
▲ 6 r/MSP360

Before you evaluate any freemium RMM, it's worth knowing exactly what's included and what's gated. For MSP360 RMM Community Edition ⤵️

Included:

  • Endpoint monitoring (CPU, memory, disk, services)
  • Hardware and software inventory
  • Configurable alerting
  • Remote script execution (PowerShell, batch)
  • Basic patch management visibility

Where limits are:

  • Endpoint count cap (up to 50)
  • Built for MSPs rather than internal IT use
  • Paid plans add scale and premium support

The endpoint limit means it's a real tool for small MSPs, not just a trial vehicle. If your environment fits within the ceiling, CE is a permanent-capable solution, not just an evaluation → https://www.msp360.com/rmm/free-rmm-software/

u/CloudBerryBackup — 20 days ago
▲ 3 r/MSP360

There's a category of backup setup that gets overlooked: environments where you already have cloud storage (an S3 bucket, a Backblaze B2 account, whatever) and just need a solid client to manage jobs to it without paying a per-seat license on top.

MSP360 Backup Free fits this gap. You point it at your existing storage destination and it works. No time limit, no vendor-managed cloud storage you didn't ask for.

Practical use cases it fits well for standalone or smaller-scale deployments:

  • Homelab or dev environments where you want proper backup without commercial cost
  • Standalone workstations already covered by a separate storage contract

The constraint is that it's unmanaged – no central console, no multi-tenant reporting. If you need those, you're in Pro or Managed Backup territory.

🔗 MSP360 Free Backup Software: https://www.msp360.com/backup/free-backup-software/

u/CloudBerryBackup — 27 days ago
▲ 4 r/MSP360

Most backup tools will tell you a job ran. Fewer make it easy to verify, across 50 client environments at once, that every job ran and completed without issues worth investigating.

The failure mode is familiar: a job technically completes but the job completes with warnings, the retention policy purged more than expected, or an endpoint went offline mid-job and nobody noticed, the retention policy purged something it shouldn't have, or an endpoint went offline mid-job and nobody noticed. In a single-client environment you catch this on the next manual check. In a multi-tenant MSP setup, it can go weeks without surfacing.

MSP360 Managed Backup has a centralized console that aggregates backup status and storage consumption across all company accounts. You can schedule automated reports per client or globally – useful for catching the quiet failures that don't generate tickets.

👉 https://www.msp360.com/backup/msp-backup/

u/CloudBerryBackup — 29 days ago