Endpoint Backup Agent
The endpoint backup agent is not a separate binary. It runs as a module of the unified agent — the same executable that powers The One RMM and Defend. When you enable the Backups module on a device, the existing enrolled agent loads the backup module and begins executing backup jobs according to the assigned policy.
Enabling Backups on Enrolled Devices
To activate endpoint backup on a device that is already enrolled via RMM:
- Open the Backups console → Devices
- Find the target device — it appears in the list because it is already enrolled via RMM
- Click the device → Enable Backups
- Assign or confirm a backup policy
- The agent acknowledges the module activation on its next check-in (typically within 60 seconds)
You can also enable backups for all devices in a company or site by creating a policy at the appropriate scope level.
What Is Backed Up
By default, the agent backs up user-owned data and application state. Exact paths vary by OS:
Windows
| Category | Default Included Paths |
|---|---|
| User documents | %USERPROFILE%\Documents, %USERPROFILE%\Desktop, %USERPROFILE%\Downloads |
| User pictures/video | %USERPROFILE%\Pictures, %USERPROFILE%\Videos |
| Application data | %APPDATA%\Microsoft (Outlook profiles, Sticky Notes), %APPDATA%\Mozilla, %APPDATA%\Google\Chrome\User Data |
| Custom databases | Configurable via custom inclusion rules |
macOS
| Category | Default Included Paths |
|---|---|
| User home | ~/Documents, ~/Desktop, ~/Downloads |
| Application support | ~/Library/Application Support (mail, calendars, browser profiles) |
| Pictures | ~/Pictures |
Linux
| Category | Default Included Paths |
|---|---|
| User home | /home/{user}/Documents, /home/{user}/Desktop |
| Config files | /etc (server-scoped policies only) |
| Application data | Configurable via custom inclusion rules |
What Is Excluded by Default
To reduce backup storage size and prevent unnecessary data transfer:
| Exclusion Category | Examples |
|---|---|
| Temporary files | %TEMP%, %TMP%, /tmp, ~/.cache |
| Browser cache | %LOCALAPPDATA%\Google\Chrome\User Data\Default\Cache, Firefox cache directories |
| OS system files | C:\Windows, /System, /usr, /bin, /sbin |
| Swap/hibernate files | pagefile.sys, hiberfil.sys, /swapfile |
| Package manager caches | node_modules, .npm, pip cache, Homebrew cache |
| Virtual machine disks | *.vmdk, *.vhd, *.vhdx |
Custom Inclusion and Exclusion Rules
You can extend or override the defaults in a backup policy:
Custom include paths — Add specific directories or files to back up. Useful for non-standard application data locations, custom database paths, or mapped network drives.
Custom exclude paths — Remove specific paths from the backup set. Useful for excluding large directories that don't need protection (e.g., a local media library or development build artifacts).
Include/exclude patterns — Glob-style patterns (e.g., *.pst, *.db, !*.log) applied across all included paths. Patterns are evaluated after explicit path rules.
Rules are configured per policy. Changes to a policy propagate to enrolled devices within the next check-in cycle (typically within 5 minutes).
Backup Schedule
The agent operates on the schedule defined in the policy. Default schedule for workstations:
| Job Type | Default Frequency | Default Time |
|---|---|---|
| Incremental | Every 1 hour | All day |
| Full | Daily | 2:00 AM local time |
Servers default to hourly incrementals and a nightly full at 11:00 PM.
You can adjust the schedule type in the policy:
- Interval — Every N hours (1–168)
- Daily — Once per day at a specified time
- Weekly — Specific days of the week at a specified time
- Monthly — A specific day of the month at a specified time
The business_hours_only flag restricts incremental jobs to outside of business hours, preventing backup I/O from affecting end-user performance during the workday.
Agent Storage Usage on the Endpoint
The agent maintains a small pre-staging cache on the local disk to assemble incremental chunks before transmission. Default cache size is 2 GB. If the cache fills (e.g., the endpoint is offline for multiple backup cycles), the agent will skip incremental jobs until the cache is flushed on reconnect.
The agent also stores a local catalog of backed-up file hashes to enable fast incremental detection (only files with changed hashes are re-uploaded).
Network Throttling
By default, the agent uses available bandwidth opportunistically. For environments where backup traffic could disrupt end-user activity, configure bandwidth throttling in the policy:
| Setting | Description |
|---|---|
| Max upload speed | Cap backup upload to N Mbps |
| Business hours throttle | Apply a separate (lower) cap during defined business hours |
| Pause during video calls | Pause backup jobs when the device detects active video conferencing (requires agent v2.1+) |
Throttling applies only to backup data transfer. Agent control-plane traffic (health reporting, policy sync) is not throttled.
Related Pages
- Backup Policies — Configuring what, when, and how long to back up
- Restore Procedures — Recovering files and systems from endpoint backups
- Backup Health Monitoring — Monitoring agent health and job status