I don't quite understand this:
If the tenant plans to create off-site copies of backed-up data with a backup copy job, it should enable GFS retention settings in the job properties. This way, Veeam Backup & Replication will be able to protect backups created by the job against an attack when a hacker reduces the job's retention policy and creates a few incremental backups to remove backed-up data from the backup chain.
Without GFS retention settings enabled, the backup copy job will complete with a warning. In the job statistics window, Veeam Backup & Replication will display a notification advising to use the GFS retention scheme for the job. Please note that the warning is displayed only if the tenant backup server runs Veeam Backup & Replication 9.5 Update 3. In earlier versions of Veeam Backup & Replication, the warning will not be displayed, and the backup copy job will complete with the Success state.
We keep are the service provider and we keep 7 days (7 Restore Points) of offsite backups. I want to enable the deleted backup protection for say 7 days (we should know by then if something has gone wrong).
Why must I also setup a GFS scheme? Won't any deleted backups be protected for 7 days anyway ?
And if I do setup say keeping just 1 weekly backup in the BCJ? What protection is this giving me? This just means I might end up with just my old weekly backup if a hacker does indeed get get access to the client console? Also can't the hacker just uncheck those boxes?
Please help me understand the possible outcomes and the way Veeam can protect me. Thanks.