We have been able to get back to testing our Free UEB and were testing the restore capabilities on a test Linux VM. What we have observed is that UEB does not provide a true point-in-time recovery.
Our test results when restoring to an earlier point are as follows:
- Missing files are added
- Existing files are replaced
- New files (e.g. files added after the restore point selected) are not removed.
- New packages (e.g. packages added after the restore point selected): the package name is removed from the install list but the application is not removed.
This action is not what was expected; what we were expecting is that the system would be restored exactly as it was at the time of the restore point selected. The only work-around we could come up with was to re-install a new VM, re-configure it for UEB, and then do a restore; we did not test this as it...
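Added example, not part of the original post and not UEB code: one way to check whether a restore really returned a file tree to its restore-point state is to compare it against a hash manifest taken at that point. The directory layout, file names and the copy-based "restore" below are constructed to mimic the overlay behaviour listed above.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks are skipped in this sketch
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def restore_drift(manifest, root):
    """Compare a restored tree against the manifest taken at the restore point."""
    live = snapshot(root)
    return {
        "missing": sorted(manifest.keys() - live.keys()),
        "changed": sorted(p for p in manifest.keys() & live.keys() if manifest[p] != live[p]),
        "extra": sorted(live.keys() - manifest.keys()),  # left behind by the restore
    }

def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: overlay-style restore that copies files back but deletes nothing."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, vm = os.path.join(tmp, "backup"), os.path.join(tmp, "vm")
        _write(os.path.join(backup, "etc", "app.conf"), "mode=prod\n")
        _write(os.path.join(backup, "etc", "motd"), "hello\n")
        manifest = snapshot(backup)            # state at the restore point
        shutil.copytree(backup, vm)            # VM starts identical to the backup
        _write(os.path.join(vm, "etc", "app.conf"), "mode=debug\n")   # modified later
        os.remove(os.path.join(vm, "etc", "motd"))                    # deleted later
        _write(os.path.join(vm, "opt", "newtool", "run.sh"), "#!/bin/sh\n")  # added later
        shutil.copytree(backup, vm, dirs_exist_ok=True)  # restore: overwrite and add only
        return restore_drift(manifest, vm)

if __name__ == "__main__":
    print(demo())
```

A non-empty "extra" list after a restore means files created after the restore point are still on disk, so the system is not in its point-in-time state.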