Virtual Appliances do not support restoring from a VMware snapshot taken from a running virtual machine


Article ID: 162090


Products

Endpoint Detection and Response, Advanced Threat Protection Platform, Web Gateway, Messaging Gateway

Issue/Introduction

You restore the host Virtual Machine (VM) to a previous state using a snapshot within VMware ESX or ESXi. After doing so, a number of events that were previously in the database of the product are no longer present.
 

No error message.

The Symantec appliance you are using is one of the following:

  • Symantec Web Gateway (SWG)
  • Symantec Messaging Gateway (SMG)
  • Symantec Advanced Threat Protection (ATP)

Cause

Virtual installations for Symantec Messaging Gateway, Symantec Web Gateway, and Symantec Advanced Threat Protection do not support restoring from a VMware snapshot taken of a running virtual machine. SMG, SWG, and ATP virtual machines must be powered off prior to taking a snapshot to ensure that all messages and transactions in progress are closed appropriately prior to the snapshot.

Resolution

Do not capture snapshots of a running virtual appliance, and do not attempt to revert to a previous state using a VM snapshot taken of a running appliance. Doing so can interrupt communications and can cause transactions and event data to be lost or duplicated.

Taking a snapshot of an active system carries a high risk of losing event data and whatever traffic these virtual appliances were processing. If data loss occurs under these conditions, the ability to restore data varies with each virtual appliance type and version. For this reason, if a snapshot must be taken as part of internal IT policy, the virtual machine must be powered down prior to taking the snapshot.
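
One way to enforce this rule from the vSphere side is with VMware PowerCLI. This is an added example, not vendor-provided code: it assumes an existing `Connect-VIServer` session, and the VM names and function names are hypothetical.

```powershell
# Added example. Requires VMware PowerCLI and an active Connect-VIServer session.
# Hypothetical placeholder names for the SMG, SWG and ATP appliance VMs.
$ApplianceVMs = @('smg-appliance-01', 'swg-appliance-01', 'atp-appliance-01')

function Get-UnsafeApplianceSnapshot {
    # List existing snapshots that were captured while the VM was not powered off.
    # These are the snapshots the article says must not be used for a restore.
    param([Parameter(Mandatory)][string[]]$VMName)
    Get-VM -Name $VMName | Get-Snapshot |
        Where-Object { $_.PowerState -ne 'PoweredOff' } |
        Select-Object VM, Name, Created, PowerState
}

function New-ApplianceSnapshot {
    # Take a snapshot only when the appliance VM is already powered off.
    # The appliance itself is shut down by the operator beforehand; this
    # function never powers anything off.
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$SnapshotName
    )
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.PowerState -ne 'PoweredOff') {
        throw "Refusing to snapshot '$VMName': power state is $($vm.PowerState)."
    }
    New-Snapshot -VM $vm -Name $SnapshotName `
        -Description "Taken while powered off, $(Get-Date -Format s)"
}

function Restore-ApplianceSnapshot {
    # Revert only to a snapshot that was recorded with the VM powered off.
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$SnapshotName
    )
    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $snap = Get-Snapshot -VM $vm -Name $SnapshotName -ErrorAction Stop
    if ($snap.PowerState -ne 'PoweredOff') {
        throw "Refusing to revert '$VMName' to '$SnapshotName': it was taken while $($snap.PowerState)."
    }
    Set-VM -VM $vm -Snapshot $snap -Confirm:$false
}

# Audit first: any rows returned here are snapshots taken of a running appliance.
Get-UnsafeApplianceSnapshot -VMName $ApplianceVMs | Format-Table -AutoSize
```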