Getting Started with Datto Endpoint Backup for PCs

Topic

This article describes system requirements for the Datto Endpoint Backup for PCs Agent.

Environment

Datto Endpoint Backup for PCs

Description

Overview
System requirements
Considerations
Versioning
Installation
Frequently asked questions
Additional Resources

Overview

The Datto Endpoint Backup Agent lets you back up protected Windows 10 and 11 systems' volumes directly to the Datto Cloud without using a SIRIS, ALTO, or NAS appliance.

Datto designed Datto Endpoint Backup to be mobile and agile. If your protected machine loses connectivity to the Internet or shuts down in the middle of a backup, Datto Endpoint Backup's intelligent agent software will resume the backup where it left off when the system restarts or reconnects.

File restore, virtualization, and Bare Metal Restore are available with the Datto Endpoint Backup Agent. You can restore from any snapshot.

Organization access can be setup to allow your organization to perform self service file restores. See Creating an Organization User.

System requirements

NOTE Windows 7 Desktop is no longer supported after May 31st 2024. Microsoft no longer provides security updates (external link) for this version. This does not remove agents backed up using this Operating System, but Datto will no longer be testing new releases on the unsupported versions and support assistance may be limited for these agents.

OS	Windows 11 Desktop (all 64-bit versions) Windows 10 Desktop (all 64-bit versions) Latest updates and service packs should be installed NOTE Windows 10/11 Enterprise multi-session is not compatible. If this is your Windows version, please consider Windows Backup for Microsoft Azure.
Hardware	The total combined capacity of all included volumes must be 1.5 TB or less.
Memory requirements	At least 1 GB of free RAM on the production machine
Disk space requirements	Each protected volume must have 10% of the volume's total size available for the DattoCtrl or Datto.ctl file, The minimum size of this file will be 1GB. If 10% of the volume is more than 10 GB, the file's size will be 10 GB regardless of the size of the volume.
Network	Port 443 on the protected machine must be open outbound. Additionally, port 993, 80, or 587 on the protected machine must be open outbound. Only one of these three ports is necessary; the agent will try all three when attempting to connect to the cloud storage node. The agent will use a TLS-based proprietary protocol for communication over the first port that it can reach. The Datto Endpoint Backup Agent's installer will attempt to create an outbound firewall exception for outbound traffic on ports 443, 993, 80, and 587 for the agent's executable (%SYSTEMDRIVE%\Program Files\Datto\Datto Cloud Continuity\DattoCloudContinuity.exe). Port 3262 must be open outbound for Bare Metal Restore functionality. All protected machines must be able to resolve mothership.dtc.datto.com,agent-update.datto.comand dattolocal.net in the local DNS. See Unified Backup networking and bandwidth requirements for detailed network requirements and WAN uplink considerations.
Anti-virus exceptions	Create exceptions for Datto Cloud Continuity Service and the DattoProvider service: %SYSTEMDRIVE%\Program Files\Datto\Datto Cloud Continuity\DattoCloudContinuity.exe %SYSTEMDRIVE%\Program Files\Datto\Datto Cloud Continuity\DattoProvider.exe Allow the following file: %SYSTEMROOT%\system32\Drivers\DattoCbt.sys
Other Requirements	The System PATH variable must have powershell included to allow pairing. See PowerShell isn't recognized as an internal or external command(external link) for more information Windows PowerShell version 3 or higher must be installed on the protected machine. Visual C++ runtime must be up-to-date and fully-installed. If Visual C++ 2017 runtime is not up to date or not installed properly, this could prevent an install. If you see errors related to the C++ runtime, reinstall the latest Visual C++ update. Before pairing, you should disable and remove all other backup software from the production machine. Depending on the software, you may need to completely uninstall it for backups to run correctly. When uninstalling other backup software, use a high-level program that eliminates all traces of the incompatible software, including registry keys, DLLs, and stray folders. These components can cause conflicts.

Considerations

The Datto Endpoint Backup Agent can only back up hard drives that are physically attached to the protected machine. The Datto Endpoint Backup Agent cannot back up mapped drives.
Backing up external/removable drives is unsupported. See Volume Level Backup Control for Datto Endpoint Backup for PCs for more information.
Datto Endpoint Backup is not for installation or use on systems already protected by the Datto Windows Agent or other backup solutions. If your protected endpoint currently uses another backup solutions, do not switch to the Datto Endpoint Backup Agent.
For optimal performance you must reboot the endpoint following agent installation. If the machine is not rebooted, it will be unable to take incremental backups and will take a maximum of one backup per day.
Screenshots will not run if Windows updates are pending. You may need to reboot your protected machine for Screenshots to resume on the next backup.
The file restore option is not compatible with Microsoft One Drive. You'll need to mount a virtualization to retrieve these files in the event of a disaster recovery.
The Datto Endpoint Backup agent does not support 64-bit ARM-based processors (such as the Surface Pro X).
System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats and is NOT supported.
GDPR Compliance Notice: During the agent registration process, you will have the option to select either the United States, Canada, Australia, Germany, or the United Kingdom to host your offsite data. Additional regional data centers may be available in future releases.
Windows 7 systems must have the latest updates for TLS 1.2 compatability. Ensure you have installed all available updates. See Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows (external link)
Datto Endpoint Backup virtualizations automatically power off after seven days but remain mounted. If you need your virtualization running longer, you will need to power it back on every seven days.
Backup and virtualization of of deduplicated volumes is untested and may produce inconsistent results, particularly with File Restores . Use an alternate restore method where the volume is mounted in Windows to avoid these scenarios.
Datto Endpoint Backup for PCs does not currently support systems using REFS volumes.
If you are protecting any volumes on your machine using an anti-virus software that uses VSS to allow for rollback remediation or snapshotting in the event of a security / encryption breach (like SentinelOne, for example), this will need to disabled in order for the Windows agent to properly backup these volumes.

Versioning

For the latest Datto Endpoint Backup Agent version information, see Release Notes. You can check your protected machine's installed version from the agent tray icon. The Datto Endpoint Backup Agent's latest release is always available at the Datto download page.

Installation

You can download the Datto Endpoint Backup agent from the Datto Download Page. To learn how to deploy, register, or uninstall the Datto Endpoint Backup for PCs Agent, see our Installing and Registering the Datto Endpoint Backup Agent article.

The agent software will install the Datto Endpoint Backup Service on the protected machine during this process.
Datto recommends reviewing the Encryption Compatibility With The Datto Solution Knowledge Base article when deploying the agent to encrypted machines.

NOTE During the registration of Datto Endpoint Backup for PC agents, the agent is tied to an Organization account in the Datto Partner Portal. Removing the organization account will result in the deletion of any Datto Endpoint Backup agent datasets linked to that organization.

Datto recommends running the following checks on the system you are protecting before installing the Datto Endpoint Backup Agent:

chkdsk

Run chkdsk to be sure that all RAIDs and individual disks report back as healthy. Perform necessary disk repairs before deploying any backup agent. Failure to do so may result in backing up corrupted systems and restoration failures.

Disk defragmentation

While Datto can perform backups that are running disk defragmentation, be aware that this rearranges data at a block level, and may result in larger backups.
Run disk defragmentation before you deploy the agent.
VSS-aware disk defragmentation programs may allow for smaller backups but are optional.

Windows updates

Download Windows updates, service packs, and any other Microsoft-provided updates. After installing these updates, reboot the server. When scheduling your deployment, remember that the 2nd Tuesday of every month is Microsoft's 'Patch Tuesday.'

Virus scan

Run a virus scan before you deploy the Datto backup solution to your production machine.

Event Viewer

Check the target's system and application logs to see if there are any VSS or hardware errors.
Resolve any errors before attempting to install the agent.

Previously installed backup software

Before installing the Datto Agent, you should disable and remove all other backup software from the production machine. Depending on the software, you may need to completely uninstall it for backups to run correctly.
When uninstalling other backup software, use a high-level program that eliminates all traces of the incompatible software, including registry keys, DLLs, and stray folders. These components can cause conflicts.

Group Policy

To avoid issues with installing the necessary certificates, ensure that the Windows Group Policy is not set to "Allow only Enterprise Administrators"

Frequently asked questions

Can I backup more than one volume?

Yes! New agent installs (after 4/26/22), support multi volume backup. However, the initial default on new agent installs is to only backup the OS volume. You will need to adjust the Agent Settings if you want to backup more than just the OS drive. Its also important to note that the maximum capacity of all volumes combined that are selected to backup may not exceed 1.5 TB (Increased from 1TB as of mid-December 2022). See Agent Settings for details.

**Can I back up my machine with both a SIRIS and the Datto Endpoint Backup Agent at the same time?**

No. You can only use one type of backup solution at a time. Attempting to protect your machine with more than one kind of solution simultaneously can cause conflicts and backup failures.

What is the retention policy for my Datto Endpoint Backup offsite backups?

We currently offer 1-year Time-Based Retention (TBR). Under the time-based retention model, your Datto Endpoint Backup agents will:

keep all intra-daily backups for seven days
after that, keep daily backups for the next week
after that, keep weekly backups for the next month
keep the remaining backups for one year

To learn more about retention, see our Understanding the Retention Process article. For further information about Time-Based Retention (TBR), including pricing details, contact your Datto Sales Executive.

Are RoundTrips available for Datto Endpoint Backup products?

Unlike Datto on-prem products, RoundTrips and Reverse RoundTrips are not available for Datto Endpoint Backup.

Can I set a custom backup schedule for my Datto Endpoint Backups?

The Datto Endpoint Backup Agent backs up your protected endpoint once every two hours. The schedule is not customizable.

Can I configure Advanced Backup Verification (including Screenshot Verification) for the Datto Endpoint Backup Agent, and view the results?

Datto Endpoint Backup cannot perform Advanced Backup Verification tasks at this time, but basic screenshot verification is available. See Datto Endpoint Backup: Screenshot Verification Overview for more information.

Can I configure the Datto Endpoint Backup Agent to alert me when a backup has failed?

Yes, for a full list of configurable email alerts and information on configuring them, please refer to: Email Alert Settings

What type of network speeds do I need for Datto Endpoint Backup for PCs?

The initial full backup of your protected machine will generally be the largest and take the most time to upload. Differential merges can also take longer than standard incremental backups. Upload times will vary greatly depending on your network speed and the size of the data being transferred. See our Unified Backup networking and bandwidth requirements article for more details.

Additional Resources

To learn more about the Datto Endpoint Backup installation on your protected system and how to interact with your cloud-based backups, see the following articles:

Unified Backup networking and bandwidth requirements

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the ideas forum!
	Provide feedback for the Documentation team.