![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 0%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELG%3C/text%3E%3C/svg%3E)
Azure Site Recovery
An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
828 questions
Hello @Luis G Mieles B Thank you for reaching out to us on Microsoft Q&A platform. Happy to answer any question you may have!
Azure Site Recovery (ASR) replicates at the disk level, not at the file level. Meaning, any changes (write operation) made to the disk are replicated to Azure. There is no native protection from ransomware or viruses because ASR is simply copying those disk level changes to the managed disks in Azure. So, yes, your infected on-premises VM would be replicated to Azure. The best way to work around this would be to use a longer retention in the replication policy. You can set it to hold up to 15 days' worth of recovery points. That could give you the ability to go back to before the infection.
Also, let me clarify something. The only thing that would be “infected” would be the replication points. You would have to perform a failover to bring up the infected server in Azure.
Hope this helps. Please let me know if you have any questions!
If the response helped, do "Accept Answer" and up-vote it