Carbon Copy Cloner | Bombich Software

Product:

ccc5

Tags:

Frequently Asked Questions (FAQ)

Advanced Topics

Can I back up an encrypted volume to a non-encrypted volume?
If I back up an encrypted volume to a non-encrypted volume, will the copied files be encrypted on the destination?
Will Carbon Copy Cloner enable encryption on my backup volume?
Do I have to wait for encryption to complete before rebooting from my production volume?
What password do I use to unlock my encrypted volume?
What happens if I change my account password on the source volume? Does the encryption password on the backup volume get updated automatically?
I enabled encryption on my 3TB USB backup disk. Why can't I boot from that volume any more?
Can I create a bootable backup on a pre-encrypted volume? Why do you recommend cloning to a non-encrypted volume first?
I restored my backup to another Mac that had FileVault enabled, and now I can't unlock the cloned volume.
I can't enable FileVault, I'm told that my account cannot be used to manage encryption on this Mac
The Startup Security Utility reports that authentication is needed, but no administrators can be found
After cloning to an APFS volume that previously had FileVault enabled, the destination can't be unlocked on startup
After cloning to an APFS Encrypted volume there is a 24-second stall during startup
My YubiKey authentication device can't unlock my encrypted backup volume on startup

Can I back up an encrypted volume to a non-encrypted volume?

Yes.

If I back up an encrypted volume to a non-encrypted volume, will the copied files be encrypted on the destination?

No, encryption occurs at a much lower level than copying files. When an application reads a file from the encrypted source volume, macOS decrypts the file on-the-fly, so the application only ever has access to the decrypted contents of the file. Whether your backed-up files are encrypted on the destination depends on whether encryption is enabled on the destination volume. If you want the contents of your backup volume to be encrypted, follow the procedure documented here to enable encryption.

Will Carbon Copy Cloner enable encryption on my backup volume?

No. You can enable encryption in the Security & Privacy preference pane while booted from your bootable backup, or in the Finder by right-clicking on your backup volume (for a backup volume that does not have an installation of macOS).

Do I have to wait for encryption to complete before rebooting from my production volume?

No. Once you have enabled encryption on the backup volume, you can reboot from your production startup disk and the encryption process will continue in the background.

What password do I use to unlock my encrypted volume?

When you boot your Mac from the backup volume and enable FileVault in System Preferences, you explicitly choose which user accounts will be allowed to unlock that volume. To unlock the volume in the future, enter the password to any of those user accounts. Do not attempt to use the Recovery Key or your Apple ID account password to unlock the volume — those passwords will not unlock the volume.

If you erased your backup volume as encrypted in Disk Utility, then you will use the password that you specified in Disk Utility to unlock the volume.

What happens if I change my account password on the source volume? Does the encryption password on the backup volume get updated automatically?

The encryption password(s) on the backup volume will not be automatically updated when you change the password for an account on the source volume. When you boot from the backup volume, you may notice that your user account icon is a generic icon, and the text indicates "[Update needed]". The update that is required is within the proprietary encryption key bundle that macOS maintains for your encrypted volume. This encryption key is not maintained on the backup volume, and it is Apple-proprietary, so it isn't something that CCC can or should modify. To update the encryption password on the destination volume:

Choose the backup volume as the startup disk in the Startup Disk preference pane and restart your computer. You will be required to provide the old password to unlock the volume on startup.
Open the Users & Groups preference pane in the System preferences application.
Click on the user whose password was reset on the source volume and reset that user's password again. Resetting the password while booted from the backup volume will update the encryption key for that user on the backup volume.
Reset the password for any other user accounts whose password was reset on the original source.

I enabled encryption on my 3TB USB backup disk. Why can't I boot from that volume any more?

Some versions of OS X have difficulty recognizing USB devices that have been encrypted with FileVault. The Western Digital My Passport Ultra 3TB disk, for example, works fine as a bootable device when not encrypted. In our tests, however, this device was no longer recognizable when FileVault encryption was enabled. This problem appears to be limited to OS X 10.11 El Capitan. The same volume was accessible using older and newer OSes, and also functioned fine as an encrypted startup device using older and newer OSes.

Can I create a bootable backup on a pre-encrypted volume? Why do you recommend cloning to a non-encrypted volume first?

Catalina users: It is not possible to create a bootable backup on a pre-encrypted backup disk, Apple's tools just don't permit this. You can enable FileVault after establishing your initial backup, and then CCC can maintain a bootable backup on your FileVault-encrypted backup volume.

We generally recommend that people establish a bootable backup on a non-encrypted volume, and then enable FileVault while booted from the destination. Some people have discovered, however, that a pre-encrypted volume can function as a bootable device with versions of macOS prior to Catalina. So why do we recommend the former? There are a couple notable differences between pre-encrypting the disk vs. enabling FileVault after booting from the not-encrypted disk. When you enable FileVault via the Security Preference Pane:

You get a sanity check that a recovery volume exists (this avoids spending lots of time copying files only to find out that the volume might not be bootable)
You get the opportunity to store a recovery key with Apple
You can unlock the disk with selected accounts
You get a nicer UI on startup to unlock the disk (e.g. it's similar to the LoginWindow interface), vs. a less-polished looking Unlock Disk interface
APFS-specific: You avoid a 24-second startup delay that occurs when the system can't find the "disk" user in the system's directory service on a pre-encrypted APFS volume.

One drawback to enabling FileVault via the Security Preference Pane, however, is that changes to account passwords on the source volume aren't immediately reflected on the backup as far as unlocking the disk is concerned. The old account passwords would be required until you boot from the backup and specifically re-enable those accounts in the Security Preference Pane (at which time the disk's EncryptionKey is remastered).

As far as the backups are concerned, there's no difference between these two methods. There is still an order-of-operations concern with pre-encrypting the disk if your disk is formatted using Apple's legacy HFS+ filesystem format (the steps below are not applicable to APFS). You'd want to approach it in this manner:

Erase the destination device (unencrypted!)
Click on the freshly-erased disk in CCC's sidebar and create a recovery volume on that disk
Go back to Disk Utility and erase the volume now, not the whole disk (as was emphasized in the instructions above). Now you can choose the option to encrypt the volume. By erasing just the volume here, not the whole disk, the hidden recovery partition that CCC created won't be destroyed.
Open CCC and configure your backup task

In general, either procedure is fine, it really is the same as far as the backup is concerned. We generally prefer the Security Preference Pane method, however, because it yields the same UI behavior you are expecting if you have enabled FileVault on your production startup volume. Many people become concerned when the Disk Utility-encrypted volume shows any behavioral difference at all with regard to unlocking the disk on startup, and that concern is best avoided by enabling FileVault in the Security Preference Pane.

I restored my backup to another Mac that had FileVault enabled, and now I can't unlock the cloned volume.

Encryption is a volume-specific endeavor, and when it's enabled via FileVault, it's also tied to the user accounts on that specific installation of macOS. If you clone another installation of macOS onto a volume that has FileVault enabled, the user accounts from the "foreign" (source) OS will not be able to unlock the FileVault-encrypted destination volume. To avoid this scenario, you should erase the destination volume as a non-encrypted volume. When erasing an APFS volume, be careful to erase the whole APFS container, not just the encrypted volume within the container.

Please note that this concern is not applicable to restoring a backup to the original source volume. In that case, the OS on the backup volume is not foreign; the user accounts on the backup volume match the user accounts on the original source. In that scenario, FileVault will continue to function normally.

I can't enable FileVault, I'm told that my account cannot be used to manage encryption on this Mac

The Startup Security Utility reports that authentication is needed, but no administrators can be found

After cloning to an APFS volume that previously had FileVault enabled, the destination can't be unlocked on startup

After cloning to an APFS Encrypted volume there is a 24-second stall during startup

All of these conditions are caused by the same underlying problem: users on the affected volume do not have access to the volume's Secure Token. There are generally two ways to get to this result:

The volume was erased as an encrypted volume, thus no user account was associated with the unlocking of that volume, or
The user accounts that are allowed to unlock the disk belonged to some previous installation of macOS on that volume

Solution: Erase the destination in Disk Utility before proceeding with the cloning task. You should erase the destination as "APFS", not "APFS (Encrypted)". For more technical users, we offer some additional background information below.

APFS volumes that contain an installation of macOS will each have a unique "secure access token". Access to this token allows users to do things like unlock the volume (e.g. if FileVault is enabled) and to change startup security settings. Because this token is volume-specific, it can't be copied to another volume; it has to be regenerated. In addition to this Secure Token, APFS volumes also have a list of users or keys that are "bound" to the volume. These "cryptographic users" are defined within the volume metadata, not within any particular file on the volume. As a result, these bound cryptographic users cannot be modified by CCC nor transferred from one volume to another. This cryptographic user list is proprietary to Apple; only Apple tools can modify the list, and only Apple tools can generate a SecureToken.

While the SecureToken-endowed users and the cryptographic users are usually in sync on a particular volume, these lists are decoupled, and it is possible to get them out of sync. If you clone a system to a pre-encrypted APFS volume, for example, the destination has only one "Disk" crypto user. None of the user accounts on the system that you copied will be (nor can be) included in the crypto users list of that volume. Likewise, if you clone an installation of macOS to a volume that already has an installation of macOS, then you will be overwriting the user accounts that are currently in the crypto user list with new, foreign user accounts. Those new user accounts are not only missing from the crypto user list, but it will be impossible to add them to the crypto user list if all of the previous crypto users were deleted. To avoid both of these scenarios, it's important to clone to a volume that has either crypto users that match those users that exist on the source, or to a destination that has no crypto users at all (e.g. a freshly erased, non-encrypted volume).

Manually regenerating a SecureToken

Apple does not offer a method for creating a SecureToken for a user on a volume that is not the current startup disk, so CCC cannot offer a postflight method that automatically creates that token. Apple does, however, offer a utility for granting access to the secure token for specific users on the current startup disk in a very limited number of circumstances. If the current startup disk has no crypto users (diskutil ap listUsers / returns "No cryptographic users"), or if one of the crypto users is still present on the current startup disk, then you can use the sysadminctl utility to generate a SecureToken for your administrator account, e.g. in the Terminal application:

sysadminctl interactive -secureTokenOn yourname -password -

I don't want to erase my destination again, is there any way to fix this?

If you can't unlock the cloned volume on startup, then you can decrypt the destination volume using the diskutil command-line utility. For example, running the following command in the Terminal application would decrypt a volume named "CCC Backup":

diskutil ap decrypt "/Volumes/CCC Backup"

After decrypting the backup volume, you can then boot from it and enable FileVault in the Security & Privacy Preference Pane in the System Preferences application.

If you can boot your Mac from the backup, but you're seeing a stall during startup, you can resolve that matter by decrypting the volume as indicated above, or by creating a new user account that has a Secure Access Token. Only the macOS Setup Assistant has the ability to create the first secure access token, so follow these steps while booted from the volume you're trying to repair:

Mojave+ only: Grant Full Disk Access to the Terminal application
Open the Terminal application and run the following commands, substituting your own volume name as applicable:
sudo rm "/var/db/.AppleSetupDone" sudo rm "/var/db/dslocal/nodes/Default/secureaccesstoken.plist"
Restart the system
Setup Assistant will ask you to create a new user. Create the new user account with default settings. A simple name like "tokenuser" will do, don't login with an Apple ID.
Immediately log out of the new user account, and log in using one of your own admin user accounts.
Open the Terminal application and run the following commands, substituting your own user names as applicable:
sysadminctl -secureTokenOn youraccount -password - -adminUser tokenuser -adminPassword - sysadminctl interactive -deleteUser tokenuser

Related Apple Bug Reports

rdar://46168739 — diskutil updatePreboot doesn't remove deleted crypto users

My YubiKey authentication device can't unlock my encrypted backup volume on startup

YubiKey users discovered that the default keystroke input speed of the Yubikey is too fast for the Mac's firmware, resulting in dropped characters. You can solve this by decreasing the key input rate using the YubiKey Personalization Tool.

Product:

ccc5

Tags:

Advanced Topics

Carbon Copy Cloner includes a command line utility that allows you to start, stop, and monitor the progress of specific CCC backup tasks. The utility is located inside of the CCC application bundle. To get basic usage instructions, invoke the utility without arguments in the Terminal application, e.g.:

user@Mac ~ % "/Applications/Carbon Copy Cloner.app/Contents/MacOS/ccc" 
ccc -v|--version
		Prints the version of the CCC command-line utility (this is not the same as the main application version)
ccc -s"Task Name" | --start="My Backup Task" (-w|--watch)
		-w|--watch:	Keep running and print task output until the task is finished. Ignored for task groups.
ccc -x["Task Name"] | --stop[="My Backup Task"] [-r]
		Stop all tasks, or the specified task.
		By default the task is treated as if cancelled.
		Use -r to report the event (e.g. nia Notification Center and, if configured, email).
		Use another non-zero value if you would like task notifications to be sent.
ccc -h|--history [-c|-d]
		Print a summary of task history, i.e. the data you would see in the table at the top of the Task History window.
		-c prints in CSV format
		-d prints dates in seconds since Midnight Jan 1, 1970 (rather than formatting the date)
ccc -p|--print-schedules [-c|-d]
		List each task and when it will next run.
		-c prints in CSV format
		-d prints dates in seconds since Midnight Jan 1, 1970 (rather than formatting the date)
ccc -w["Task Name" | --watch[="Task name"]
		Watch task progress (press Control+C to exit)
		Specify a task name to limit task output to the indicated task
ccc -i|--status
		Print a status line for each task.
ccc -g|--global globalDefaultName [bool|int|float|string] globalDefaultValue
		Set a global default value.
ccc -g|--global globalDefaultName delete
		Delete a global default value.
ccc -n|--notification notificationTitle notificationBody
		Send a notification to the Notification Center.
ccc -z["Task Name"] | --disable[="Task Name"]
ccc -e["Task Name"] | --enable[="Task Name"]
		Disable or enable all tasks [or a specific task].
ccc -u | --uuids
		Print task names and their unique identifiers.

Here are some examples of how to use the CCC command-line tool to start and stop a task, and get its last history event:

[user:~] cd "/Applications/Carbon Copy Cloner.app/Contents/MacOS"
[user:/Applications/Carbon Copy Cloner.app/Contents/MacOS] ./ccc -s"CCC Backup Task" -w
04/24 12:52:19	: CCC Backup Task [Data copied: Zero KB, Progress: -1.000000%] Preparing...
04/24 12:52:20	: CCC Backup Task [Data copied: Zero KB, Progress: -1.000000%] Testing write responsiveness of the destination...
04/24 12:52:20	: CCC Backup Task [Data copied: 126 bytes, Progress: 0.076235%] Comparing and copying files
04/24 12:52:21	: CCC Backup Task [Data copied: 126 bytes, Progress: 1.146266%] Comparing and copying files
04/24 12:52:21	: CCC Backup Task [Data copied: 126 bytes, Progress: 1.963699%] Comparing and copying files
04/24 12:52:22	: CCC Backup Task [Data copied: 126 bytes, Progress: 3.048320%] Comparing and copying files
^C

[user:/Applications/Carbon Copy Cloner.app/Contents/MacOS] ./ccc -x"CCC Backup Task"
Stopping CCC Backup Task

[user:/Applications/Carbon Copy Cloner.app/Contents/MacOS] ./ccc -h | head -n 1
CCC Backup Task|Macintosh HD|SSD Macintosh HD Backup|4/24/20, 12:52 PM|0:19|126 bytes|Cancelled|0

Product:

ccc5

Tags:

Advanced Topics

You can access the contents of a disk image the same way that you access other volumes and external hard drives on macOS. Double-click on the disk image file to mount its filesystem, then navigate the filesystem in the Finder to access individual files and folders. If you have the permission to access the files that you would like to restore, simply drag those items to the volume that you would like to restore them to.

Restoring individual items or an entire disk image to another hard drive using CCC

To restore files or an entire filesystem from a disk image:

Launch CCC
Select Restore from disk image... from the Source selector and locate your backup disk image. CCC will mount the disk image for you.
Choose a volume from the Destination selector. You may not choose the current startup disk as a destination, however you may choose to restore to a folder on the current startup disk.
If you do not want to restore everything, choose Some files... from the Clone menu (below the Source selector) and deselect any item that you do not wish to restore.
Click the Clone button.

Restoring system files to your startup disk

If you want to restore system files to your startup disk, you must start up your Macintosh from an installation of macOS on another hard drive, such as a bootable backup created by CCC. Once you have booted your Mac from another volume, follow the steps from the previous section.

Restoring system files to your startup disk when you don't have a bootable backup

If you do not have an installation of macOS on another hard drive, you can boot your Mac from your macOS Recovery volume and use Disk Utility to restore the entire disk image:

High Sierra and Mojave

Note: The destination volume format must match the format of the disk image that you're restoring from. This limitation is specific to Disk Utility – if you're restoring from a disk image using CCC, CCC can restore an APFS disk image to an HFS+ volume, and you can restore an HFS+ disk image to an APFS volume. Use Disk Utility as a last resort.

Hold down Command+R while you restart your computer.
Choose Disk Utility in the Utilities application.
Choose Show All Devices from the View menu.
Click on the device you want to restore to in the sidebar (see this article for specific formatting instructions).
Click the Erase button in the toolbar and proceed to erase the device using the GUID Partition Map partitioning scheme, and the format that matches your source disk image.
Reselect the volume that you would like to restore to. If you are restoring to an APFS volume, choose the parent APFS container.
Choose Open Disk Image... from the File menu and select the disk image file that you would like to restore from.
Choose Restore... from the Edit menu.
Select the mounted disk image volume that you would like to restore. If you are restoring to an APFS volume, choose the container that is the parent of the disk image volume you are trying to restore.
Click the Restore button.

El Capitan and Sierra

Hold down Command+R while you restart your computer
Choose Disk Utility in the Utilities application
Click on the volume you want to restore to in the sidebar
Choose Restore... from the Edit menu
Click on the Image... button and locate the disk image that you would like to restore
Click the Restore button

Yosemite

Hold down Command+R while you restart your computer
Choose "Disk Utility" in the Utilities application
From the File menu, choose Open Disk Image... and locate the disk image that you would like to restore
In the list in the pane on the left, click on the mounted disk image's volume
Click on the Restore tab on the right side of the window
Drag the mounted disk image to the Source field. If the Source field does not accept the dragged volume, right-click on the disk image's mounted volume and choose Set as source from the contextual menu.
Drag the hard drive that you would like to restore to into the Destination field
Check the box to erase the destination (if present), then click on the Restore button.
Restart your Mac from your newly restored volume, then use CCC to restore the Recovery HD volume from the archive on your startup disk.

Using Migration Assistant to migrate data from a disk image

If you have a clean installation of macOS and simply want to restore your user data from a full-system backup on a disk image, you can use Migration Assistant for this task. Simply mount the disk image, then open Migration Assistant and proceed as directed, using the mounted disk image as the source. Note that Migration Assistant will only accept a disk image that has a full system backup, it will not accept a disk image that has only user data.

Migration Assistant and the CCC SafetyNet

If your backup volume has a "_CCC SafetyNet" folder, you can move that folder to the Trash before using Migration Assistant to avoid copying that folder during a migration. This is particularly important if that folder has a lot of data in it and you're migrating to a disk that is smaller than the backup volume. If you would like to retain the SafetyNet folder on the backup volume, don't empty the Trash. After Migration Assistant has completed, then you can move the SafetyNet folder back to the root of the backup volume.

Migration Assistant and Yosemite, El Capitan

On Yosemite and El Capitan, Migration Assistant will ask that you close all applications, and it will then log you out before presenting migration options. This poses a problem for migrating data from a disk image because the disk image will be unmounted when you are logged out, and Migration Assistant doesn't offer any interface to choose a disk image. To work around this problem, you can use our Mount disk image for Migration Assistant application. Simply drag the disk image containing your full system backup onto the application and it will guide you through a fairly simple procedure that will make the disk image available to Migration Assistant after a short delay.

Preliminary tests indicate that this workaround is not required on Sierra and later OSes.

Product:

ccc5

Tags:

Advanced Topics

CCC's Advanced Settings are helpful in specific situations, but are not generally required for routine use. Some of these settings involve more risk, so please use them with caution, and don't hesitate to ask questions via the Ask a question about CCC... menu item in CCC's Help menu if the explanations below are insufficient for your particular scenario.

To access the advanced settings, click on the Advanced Settings button below CCC's Source selector.

Advanced settings button

Use strict volume identification

By default, CCC uses the name and Universally Unique Identifier (UUID) of your source and destination to positively identify those volumes. By verifying both of these identifiers, there is less risk in, for example, backing up to a volume that has the same name as your usual destination but is not actually the destination.

While beneficial, this behavior can sometimes have the wrong result. For example, if you rotate between a pair of external hard drives, CCC will not backup to both of them even though they have the same name (e.g. Offsite Backup). CCC will instead claim that the UUID of one of the volumes does not match that of the originally chosen destination.

To accommodate a "rotating pair of backup volumes" solution, you can uncheck this option to indicate that CCC should only use the volume name to identify the destination volume. When deselecting this option, be vigilant that you do not rename your destination volume and that you never attach another non-backup volume to your Mac that is named the same as your destination volume.

This option is automatically disabled when the destination volume does not have a UUID. Network volumes and some third-party filesystems, for example, do not have volume UUIDs.

Note: This setting is only applicable to the destination volume. CCC always uses the name and UUID to positively identify the source volume.

Note: If your rotating destination volumes are encrypted, CCC will only be able to unlock and mount the original encrypted volume selected as the destination for your backup task. CCC must have a unique identifier of the destination volume in order to unlock that volume, and CCC will only retain that information about one destination volume for a particular task. If you would like to rotate a pair of backup disks that are encrypted, we recommend using two separate tasks for that purpose; one for each encrypted destination.

Protect root-level items

If you have files and folders that are unique to the root-level on your destination volume and you want them to be left alone, yet you want to keep your backup "clean", use the Protect root-level items option. This option is enabled by default when CCC's SafetyNet option is enabled. To understand how this feature works, suppose you have these items on your source volume:

And you have these items on the destination volume:

With the Protect root-level items option, the Videos folder will not be moved to the _CCC SafetyNet folder because it is unique to the root level of the destination. The Users folder is not unique to the root of the destination (it also exists on the source), though, so its contents will be updated to match the source. As a result, the olduseraccount folder will be moved to the _CCC SafetyNet folder (or deleted if you have disabled the SafetyNet).

Find and replace corrupted files, "Backup Health Check"

CCC normally uses file size and modification date to determine whether a file should be copied. With this option, CCC will calculate an MD5 checksum of every file on the source and every corresponding file on the destination. If the checksums differ, CCC will recopy the file. This option will increase your backup time (because CCC is tasked with re-reading every file on the source and destination), but it will expose any corrupted files within your backup set on the source and destination.

Media failures occur on nearly every hard drive at some point in the hard drive's life. These errors affect your data randomly, and go undetected until an attempt is made to read data from the failed sector of media. If a file has not been modified since a previous (successful) backup, CCC will not ordinarily attempt to read every byte of that file's content. As a result, it is possible for a corrupted file to go unnoticed on your source or destination volume. Obviously this is a concern if the file is important, and one day you actually need to recover the contents of that file.

Frequent use of the checksum calculation option is unnecessary and may be a burden upon your productivity, so CCC offers weekly and monthly options to limit how frequently the checksumming occurs.

Note: CCC will never replace a valid file on your destination with an unreadable, corrupt file from the source. If CCC cannot read a file on your source volume, any existing backup of that file will remain intact on your backup volume and CCC will report an error, advising you to replace the source file with the intact backup version. The Find and replace corrupted files setting will only automatically replace corrupted files on the destination, and only when the source file is completely readable.

What is a "corrupted" or "unreadable" file?

With regard to files on the source, CCC's Find and replace corrupted files option specifically refers to files that cannot be physically read from the disk. It does not refer to files that have been mistakenly or maliciously altered such that they cannot be opened by the application that created them.

Using the "Find and replace corrupted files" option to verify your backup

CCC's checksum option verifies the integrity of the files on your destination volume before files are copied, it is not a verification of files that have just been written. In general, the checksum of a file immediately after it is written to disk is of questionable value. Most disks have a write cache, and file data goes to the cache before it is written to actual media. If you write a file and then immediately ask to read it back, as much as x amount of data (where x = the size of the cache) is going to come from the volatile cache. If any of the file's data comes from the write cache, then the checksum doesn't reflect the status of the data on the permanent media, and that really defeats the purpose of checksumming the file in the first place.

If you want to verify the integrity of the files on your destination immediately after copying files, a subsequent backup with CCC's Find and replace corrupted files option is the best way to do that. You can even automate this process by creating a second task that uses this option, then select the second task in the "Run another backup task" popup menu in the After task runs section of advanced settings.

Troubleshooting Options

Run a deletion pass first

When the CCC SafetyNet option is disabled, CCC typically deletes unique items from the destination as it encounters them. CCC iterates through the folders on your source alphabetically, so some files are often copied to the destination before all of the files that will be deleted have been deleted from the destination. If your destination volume has very little free space, CCC may not be able to complete a backup to that volume. This option will cause CCC to run a deletion pass through the entire destination before copying files. Use of this option will make your backup task take longer.

This option will only be enabled when the SafetyNet option is disabled.

Don't update newer files on the destination

Files on the source are generally considered to be the authoritative master, and CCC will recopy a file if the modification date is at all different — newer or older — on the source and destination. Occasionally there are circumstances where the modification date of files on the destination is altered after a backup task runs (e.g. by anti-virus applications), and this alteration causes CCC to copy these files every time. This option can work around these circumstances when the root cause of the modification date alteration cannot be addressed.

Don't preserve permissions

This setting will avoid the errors generated by network volumes that disallow the modification of permissions and ownership on some files. It will also prevent CCC from enabling ownership on the destination volume. Use of this option while backing up applications or macOS system files will prevent those items from working correctly on the destination.

Don't preserve extended attributes

This setting will disable support for reading and writing extended attributes, such as Finder Info, resource forks, and other application-proprietary attributes. Extended attributes store data about the file. Apple explicitly recommends that developers do not store irreplaceable user data in extended attributes when saving a file, because extended attributes are not supported by every filesystem, and could be silently dropped (e.g. by the Finder) when copying a file.

This option is helpful in cases where the source or destination filesystem offers exceptionally poor performance for reading and writing extended attributes, or offers very limited support for macOS native extended attributes such that many errors are reported when trying to copy these metadata.

Reduce the number of files considered for backup

CCC analyzes all of the files that are included in your backup set for consideration to be copied. If you have a particularly high number of files on your source volume, you may want to put some thought into how your files are organized. For example, if you have a large number of files that never change (perhaps some old, completed projects), you can collect these into a folder named "Archives", back it up once, then exclude it from future backups. CCC will not delete excluded items from your destination (unless you ask it to using Advanced Settings), so as long as you keep the original on your source volume, you will always have two copies of your archived content. Because these items are excluded from your daily backups, CCC will not spend time or RAM enumerating through those files for changes.

Hard drive performance and interface bandwidth

Your backups will be no faster than your slowest disk. Performance will be worse for smaller rotational hard drives (e.g. physically smaller, like those in 2.5" hard drive enclosures), for older hard drives, and for hard drives that are nearly full and thus more likely to be fragmented. Especially as Apple's new APFS filesystem becomes harder to avoid, we recommend using SSDs for any volume that has an installation of macOS, including your backups.

You will also get longer copy times when you have lots of small files vs. a volume filled with just a few very large files. Finally, you will see better performance with faster/more efficient interfaces — USB 3.1 is faster than USB 3.0, USB 3.0 is faster than USB 2.0, etc.

Additionally, if your source volume is nearly full and is a rotational disk, we recommend that you replace it with a larger hard drive to avoid the performance implications of filesystem fragmentation.

Filesystem performance and hardware type

It's important to choose the right filesystem for the hardware that you have and the data that you're backing up. If you have an older, rotational HDD, it's generally better to format that device using the "Mac OS Extended, Journaled" (HFS+) format if you're backing up macOS High Sierra (or older), or if you're making a data-only backup. APFS is the new, modern standard, but its performance on rotational devices is inferior to HFS+. If you're making a backup of macOS Catalina, APFS is required. If you find the performance of your backups to be too slow, we recommend using an SSD for your backups.

Spotlight Indexing

Anything that causes CCC to compete for bandwidth to your source or destination volume will increase the amount of time that it takes to back up your data. Spotlight indexing is one such process that CCC typically must compete with for disk bandwidth. As you copy new data to your destination volume, for example, Spotlight wants to read those "new" files so it can index their contents. Having a Spotlight index of your backup volume may be unnecessary as you probably want to search for files only on your source volume. To disable Spotlight indexing on a volume that is dedicated to backup, drag the icon of the destination volume into the "Privacy" tab of Spotlight Preference Pane in the System Preferences application. If you do want the backup volume indexed, drag its icon out of the "Privacy" tab after the cloning and indexing will start immediately.

Find and replace corrupted files

CCC offers an advanced option to "Find and replace corrupted files". When using this option, CCC will re-read every file on the source and every file on the destination, calculating a checksum of each file. CCC then compares these checksums to see if a file should be recopied. While this is an excellent method for finding unreadable files on the source or destination, it will dramatically increase the amount of time that your backup task takes, and it will also increase CPU and hard drive bandwidth consumption on your Mac. We recommend limiting the use of this option to weekly or monthly, and scheduling such tasks to run when you are not typically using your Mac.

Target Disk Mode is slow

In fact it's unbelievably slow. If you attach an SSD-bearing Mac in Target Disk Mode to another Mac via a USB-C cable (so both at 10Gb/s connections), you might expect to get incredible speed (e.g. >500MB/s). You will be sorely disappointed by speeds of less than 20MB/s; slower than USB 2.0. For better performance, we recommend that you avoid Target Disk Mode. Boot the target Mac from the volume you're trying to restore instead. Not only will you get better performance, but you also have the assurance that the Mac can boot from the OS that you're restoring to it.

Other applications and conditions that can lead to performance problems

Over the years we have received numerous queries about poorer performance than what is expected. Careful analysis of the system log and Activity Monitor will usually reveal the culprit. Here are some things that we usually look for:

Other backup software copying simultaneously to the same volume, a different volume on the same disk, or across the same interface as CCC's destination.
Utilities that watch filesystem activity and do things when file changes are detected. Antivirus software is a common culprit, but we have also seen problems caused by other watcher applications, such as memeod and Western Digital's SmartWare.
Slow interfaces — USB hubs (including the ports on a USB keyboard or display) and even some USB cables can reduce the bandwidth to your disk dramatically. If you're using USB, be sure that your device is plugged directly into one of the USB ports on your Mac.
Daisy chaining Firewire devices is usually OK, though some enclosures can stall the entire Firewire bus when given too much bandwidth. If you see this behavior, try switching the order of devices in the chain, or attach your backup disk directly to a Firewire port on your Mac.
Using a wireless network connection to connect to a network volume. If you're seeing poor performance with a wireless connection, compare the performance when using a wired (ethernet) connection.
Symantec's Digital Loss Prevention (DLP) can cause performance problems when backing up a specific Microsoft font cache (e.g. /Users/yourname/Library/Containers/com.microsoft.Outlook/Data/Library/Application Support/Microsoft/FontPreviewCache). The problem appears to be specific to DLP's ability to cope with the dorky emojis that Microsoft uses in the file names in this folder (i.e. replacing the word "family" with the ? family emoji). Exclude that FontPreviewCache folder from your backup task to avoid the performance problem.

Use the Console application to view the contents of the system log. If you're still having trouble identifying a performance problem, we're here to help.

Automatically prune archived content before copying files

Prune archives in the SafetyNet when free space is less than [xx] GB

If your destination volume has less free space than the limit that you have specified, CCC will prune the oldest archive. CCC will continue to prune the oldest archive until the requested amount of free space has been achieved. Note that if the archives cumulatively consume less space than the limit requested and the destination volume is full, CCC will prune all of the archives.

Auto Adjustment of the SafetyNet Free Space pruning limit

When the Auto Adjust option is enabled (and it's enabled by default), CCC will automatically increase the free space pruning limit if your destination runs out of free space during the backup task. For example, if your pruning limit is set to the default of 25GB, and you have 25GB of free space at the beginning of the backup task, no pruning will be done at the beginning of the task. If that task proceeds to copy more than 25GB of data, however, the destination will become full. CCC will then increase the pruning limit by the larger of either the amount of data copied in the current task, or by the amount of data that was required by the last file CCC attempted to copy. For example, if CCC copied 25GB of data, then the pruning limit would be increased by 25GB. If CCC wanted to copy a 40GB file, however, CCC would not fruitlessly copy 25GB of that file, rather it would immediately increase the pruning limit by 40GB, revisit pruning, and then restart the task.

Prune archives in the SafetyNet when they are older than [xx] days

CCC will prune archives that were created more than "xx" days ago.

Prune archives in the SafetyNet when they are larger than [xx] GB

Starting with the most recent archive, CCC will determine the amount of disk space that each archive consumes. When the cumulative total exceeds the limit that you have imposed, CCC will prune the remaining, older archives. If the newest archive is larger than the limit that you have specified, that archive will be pruned in entirety.

Never prune archives in the SafetyNet

CCC will not automatically prune the contents of the "_CCC SafetyNet" folder at the root of the destination. Archived files may eventually consume all of the free space on the destination, so you should periodically delete older archive folders to maintain enough free space for future backups. You may delete the contents of the SafetyNet folder without harm to the rest of your backup set.

"CCC is pruning my SafetyNet, but the disk is still pretty full at the end of the backup task"

The purpose of CCC's SafetyNet pruning is to make space for additional backups. CCC also avoids pruning items that were very recently archived — after all, it wouldn't make sense to archive an item on the destination, them immediately delete it. To accommodate both of these goals, CCC prunes archives within the SafetyNet before the backup task runs. Pruning the SafetyNet immediately before copying files gives a greater level of assurance that the requested amount of free space (for example) will be available for the current backup. Be sure to consider this detail when specifying your SafetyNet pruning settings. If you want to retain additional space on your backup volume beyond what is required for your CCC backups, specify more liberal limits (e.g. 100GB of free space rather than 25GB).

"Can I use the _CCC SafetyNet folder for long-term archiving of specific items?"

We don't recommend using the SafetyNet for long-term storage. CCC is configured to automatically prune the SafetyNet, by default, when free space on the destination is less than 25GB at the beginning of the backup task, and that limit may increase automatically. CCC doesn't consider whether items in the _CCC SafetyNet folder were placed there by CCC or another application, everything is considered safe to delete when the time is right. If you would like to maintain a permanent archive of items on your backup volume, outside of your CCC backup, we recommend that you create a specific folder for this purpose at the root level of your backup volume.

We also recommend that you maintain a backup of your archived data on another volume! If you don't have a backup of your long-term archived items, you're going to lose them forever if your backup disk fails.

"I manually moved the _CCC SafetyNet folder to the Trash, but now I get an error when trying to empty the Trash"

When CCC backs up your startup disk, it runs with the privileges required to access system files that are not normally accessible to your account. Naturally, some of these files will be updated on the source, and subsequently archived on the destination. When you place these items in the Trash (by placing the _CCC SafetyNet folder in the Trash), and subsequently try to empty the Trash, the Finder typically requests that you authenticate to remove these files. Sometimes the Finder is having a bad day, though, and it simply reports the enlightening "-8003" error when you try to empty the Trash (or something equally obtuse). This error isn't defined or documented anywhere, but through trial and error, we have figured out that it simply means "I can't cope with your request to empty the Trash".

The solution is to avoid using the Finder to delete a CCC SafetyNet folder. Choose Delete a SafetyNet Folder from CCC's Utilities menu instead and use that interface to manually remove SafetyNet folders.

Additional References

Apple Kbase HT201583: You can‘t empty the Trash or move a file to the Trash

Use strict volume identification

This option is automatically disabled when the destination volume does not have a UUID. Network volumes and some third-party filesystems, for example, do not have volume UUIDs.

Note: This setting is only applicable to the destination volume. CCC always uses the name and UUID to positively identify the source volume.

Protect root-level items

And you have these items on the destination volume:

The "root" of the destination refers to the first or top-most folder relative to your selected destination. If you selected a volume named CCC Backup as the destination, then the root level refers to the root of the volume — what you see when you open that volume in the Finder (the middle pane in the screenshot above). If you selected a folder as the destination for your task, then the "items at the root of the destination" refers to the items that you find in that specific folder that you selected as the destination, not the root of the whole volume. When you select a folder as the destination, anything outside of that folder is completely outside of the scope of the backup task, and will be left alone by that particular backup task.

Find and replace corrupted files, "Backup Health Check"

Frequent use of the checksum calculation option is unnecessary and may be a burden upon your productivity, so CCC offers weekly and monthly options to limit how frequently the checksumming occurs.

What is a "corrupted" or "unreadable" file?

Using the "Find and replace corrupted files" option to verify your backup

Troubleshooting Options

Run a deletion pass first

This option will only be enabled when the SafetyNet option is disabled.

Don't update newer files on the destination

Don't preserve permissions

Don't preserve extended attributes

Read/write "sparseimage" disk images

A sparseimage disk image is a type of read/write disk image that grows as you copy files to it. In general, sparse disk images only consume as much space as the files they contain consume on disk, making this an ideal format for storing backups. Use of this older disk image format is only recommended when backing up to non-AFP network volumes on an OS older than macOS Sierra. Please note that sparseimage files are monolithic and potentially very large files. If the underlying filesystem has a 2TB file size limit and the sparseimage file reaches that limit, the sparseimage file cannot be grown. In most of these cases the sparseimage file becomes corrupted when the underlying filesystem limit is reached, so we don't recommend this disk image format for large data sets.

Read/write "sparsebundle" disk images

A sparse bundle disk image is similar to a sparseimage insofar as it grows as you add data to it, but it retains its data in many smaller files inside of a bundle rather than inside a single file. We recommend this disk image format for most scenarios.

Running out of space on a sparseimage or sparsebundle disk image

CCC reported that the destination is full, but the underlying disk has plenty of free space. CCC initially sets the capacity of your disk image to the amount of free space on the underlying disk. If you have freed up some space on that disk since you created the disk image, you can manually expand the capacity of the destination disk image in Disk Utility. Choose Resize... from the Images menu in Disk Utility, select your destination disk image, then expand it as desired. We recommend that you do not expand the disk image such that it is larger than the capacity of the underlying disk.

The disk image file is larger than the amount of data it contains, why? Sparseimage and sparsebundle disk images grow as you add data to them. They do not, however, automatically shrink when files are deleted from them. As a result, the amount of disk space that the disk image file consumes will not necessarily reflect the amount of data that they consume. To reclaim disk space that is occupied by the free space on your sparse disk image, CCC will compact the disk image before attempting to mount it if the free space on the underlying volume is less than 25GB, or is less than 15% of the total disk capacity. In most cases, you do not need to compact the disk image yourself, but this functionality is documented here so you'll understand why you might see CCC spending time "Compacting the destination disk image" at the beginning of a backup task.

If you would like to compact a disk image manually, drop the disk image file onto this application: Compact Sparse disk images. Be sure to unmount the disk image volume if it is already mounted. Also, note that the compacting process can take a while (e.g. an hour for a 100GB disk image on a locally-attached volume). Finally, be sure that your system is running on AC power. The system utility that compacts the disk image will refuse to run while the system (e.g. a laptop) is running on battery power.

CCC applies more aggressive SafetyNet pruning to disk image volumes

When you configure a task to back up to a new disk image, CCC will configure the task's SafetyNet pruning to prune anything older than 1 day. You are welcome to change these settings, but we have found that more aggressive SafetyNet pruning will avoid excessive use of disk space on the underlying device, and will reduce the need to compact the disk image.

Please keep in mind that SafetyNet is not intended to offer access to older versions of your files, it is a safety mechanism that is designed to avoid the loss of data on an errantly-selected destination volume. SafetyNet is generally not applicable to disk image backups because the disk image is typically dedicated to the backup task. However, enabling SafetyNet with even a very aggressive pruning limit does offer a modicum of protection in cases where you've accidentally removed files from the source.

If you're looking for a solution that retains older versions of your files and your source volume is APFS-formatted, consider CCC's snapshot functionality instead. Snapshots are disabled on disk image destinations by default, but you can enable snapshot support either on the disk image volume or on the source volume.

Read-only disk images

Read-only disk images cannot be modified without invalidating the built-in checksum, therefore they are a good container for storing archived material. Compression rates vary on the content of your source, but you can typically expect to reduce the size of your disk image by about half when using compression. There is a subtle behavior that you should take note of when considering this option as a space-saving measure: CCC will first create a read/write disk image, copy the selected items to it, then convert the disk image to read-only compressed. In this case, you will actually need twice the space on your destination as the items to be copied consume on the source.

Encrypting disk images

If any of the data that you are backing up is sensitive, and if your backup device may be in an insecure location, encrypted disk images can improve the security of your backup. CCC offers 128 bit and 256 bit AES encryption to encrypt disk images. To create an encrypted disk image, select one of the encryption levels from the Encryption menu. After you click on the OK button, you will be prompted to specify a passphrase for the new disk image, and CCC will give you an opportunity to save the passphrase in your own keychain. CCC will also store the passphrase in a private keychain so the disk image can be mounted automatically during scheduled backup tasks.

Note: If you create a read-only, encrypted disk image, the intermediate disk image that CCC creates is NOT encrypted. This intermediate disk image file is deleted once the final, read-only, encrypted disk image has been created, but it is not shredded. Take this into consideration when choosing your destination media. If the destination may be placed in an insecure location, use Disk Utility to securely erase free space on the underlying destination volume after you have created your encrypted disk image archive.

Running a backup task whose destination is a disk image on the startup disk

If you specify a disk image that resides on your startup disk as the destination to a scheduled task, CCC will impose some more conservative requirements on this task. To proceed with this configuration, one of the following requirements must be met:

The amount of free space on the startup disk is at least 1GB larger than the amount of consumed space on the source volume.
The disk image won't grow, e.g. it is a .dmg file, not a sparseimage or sparsebundle disk image.

These requirements avoid a scenario in which the startup disk runs out of free space, causing instability on macOS. If you cannot accommodate the free space requirement, we recommend that you create a .dmg disk image in Disk Utility (choose File > New... > Blank Disk image, set the image format to read/write disk image). Disk Utility will pre-allocate exactly as much space as you request, and CCC will gladly use this disk image without fear of filling up the startup disk.

Sparsebundle disk images are not supported on some filesystems

If your Mac is running an OS older than macOS Sierra, CCC will refuse to save or mount a sparse bundle disk image if the underlying filesystem that the disk image file resides upon does not support the F_FULLFSYNC file control. Most filesystems support this file control, but the SMB file sharing protocol does not. Most people that encounter issues with creating a sparsebundle disk image on a network volume are encountering issues because the network volume is mounted via SMB.

Starting in Mavericks, Apple's preferred file sharing service is SMB. As a result, if you attempt to connect to a network volume, Finder will use SMB to establish that connection unless you explicitly specify AFP as the protocol to use. In this configuration, a sparse bundle disk image will not work, and CCC will issue an error. To avoid this error, connect to the network volume explicitly using AFP:

Eject the network volume if it is currently mounted
Choose Connect to server from the Finder's Go menu
Type in "afp://yourserver.local" (changing the hostname, of course), then click the Connect button and mount the network volume
Go back to CCC and choose Choose disk image... from the Destination selector, then select the sparsebundle disk image on your network volume

Why can't I use a sparsebundle disk image on a filesystem that does not support the F_FULLFSYNC file control?

When your computer writes a file out to the hard drive, the data usually goes to a "write buffer"— a small portion of RAM that is installed on the circuit board of the hard drive. By accumulating smaller write operations onto this RAM chip, the hard drive can increase overall write performance by writing large blocks of cached data to the physical media all at once. While this write buffer improves performance, it also carries a risk. If the power fails or the disk's connection to the computer is suddenly broken between the time that data was written to the buffer and when the buffer is flushed to the disk, your filesystem will have an inconsistency. Filesystem journaling typically mitigates this risk, however it doesn't offer enough protection for Apple's sparsebundle disk image type.

In Mac OS 10.5, Apple implemented the F_FULLFSYNC file control for network servers and clients. The F_FULLFSYNC file control is a command that is sent to the hard drive after some (or all) write operations that tells the disk to immediately flush its cache to permanent storage. To provide better protection for data on sparsebundle disk images, Apple disabled support on Mac OS 10.6 for using sparsebundle disk images that reside on filesystems that do not support the F_FULLFSYNC file control. Apple relaxed this requirement in macOS 10.12 (Sierra).

You are likely to encounter this error condition if your sparse bundle disk image is hosted on a pre-Mac OS 10.5 Macintosh or various Network Attached Storage (NAS) devices (especially SMB). When you encounter this error, copy the sparsebundle disk image to another network volume, or ask CCC to create a new sparseimage disk image file (sparseimage disk images are not the same as sparsebundle disk images).

Snapshots and Disk Images

When creating a new disk image, CCC will format the disk image to match the source volume. For better performance on APFS-formatted disk images, CCC will disable snapshot support on the destination disk image volume if:

The backup task was originally configured to create a new disk image
Snapshots are currently enabled for the destination disk image
The snapshot retention policy limit for SafetyNet snapshots is set to the default value of 7 days

When CCC disables snapshots on that destination disk image volume, it explicitly sets the SafetyNet limit in the snapshot retention policy to 0. If you subsequently re-enable snapshot support on that volume without changing the SafetyNet limit back to the default, then snapshots should remain enabled (because the three logical conditions are no longer matched).

If you would like to enable snapshot support on your disk image and keep it enabled, be sure to either leave the SafetyNet limit set to 0, or change it to anything other than 7. If you ever change the SafetyNet retention value for that disk image back to 7 (or other reset the values to defaults), CCC will again disable snapshots on the disk image when the task next runs.

A message for new Mac users coming from the Windows world

Backups on a Windows system are very different from those on a Macintosh. If you're coming from a Windows background, the term "imaging" and the concept of making a disk image backup is probably familiar to you. Restoring from disk image backups is made simpler on Windows because the startup environment is built around them. That's not the case for a Macintosh. When you create a disk image backup of your Mac's startup disk, the logistics of restoring that backup are actually fairly complicated. Due to these complications, we don't recommend using a disk image as your primary backup on a Mac. Disk images are useful for storing a backup of your user data on a network volume, but for your Mac's startup disk, we recommend that you back up directly to a disk that is attached to your Mac; not to a disk image.

Filesystem implementation details

.HFS+ Private Directory Data*
/.journal
/.journal_info_block
.afpDeleted*
._*
.AppleDouble
.AppleDB
/lost+found
Network Trash Folder
.TemporaryItems

These items only show up if you're running an older OS than what was used to format the source volume, and on some third-party implementations of AFP and SMB network filesystems. These items should never, ever be manipulated by third-party programs.

Volume-specific preferences

.metadata_never_index
.metadata_never_index_unless_rootfs
/.com.apple.timemachine.donotpresent
.VolumeIcon.icns
/System/Library/CoreServices/.disk_label*
/TheVolumeSettingsFolder

These items record volume-specific preferences, e.g. for Spotlight, Time Machine, and a custom icon for the volume. Feedback on the exclusion of these items is welcome. Because they are volume-specific preferences, the exclusion of these items from a day-to-day backup seems most appropriate.

Apple-proprietary data stores

.DocumentRevisions-V100*
.Spotlight-V100
/.fseventsd
/.hotfiles.btree
/private/var/db/systemstats

These items are Apple-proprietary data stores that get regenerated when absent. Attempting to copy these data stores without unmounting the source and destination is not only futile, it will likely corrupt them (and their respective apps will reject them and recreate them).

The DocumentRevisions data store is used by the Versions feature in macOS. The Versions database stored in this folder contains references to the inode of each file that is under version control. File inodes are volume-specific, so this dataset will have no relevance on a cloned volume.

Volume-specific cache files

/private/var/db/dyld/dyld_*
/System/Library/Caches/com.apple.bootstamps/*
/System/Library/Caches/com.apple.corestorage/*

Copying these caches to a new volume will render that volume unbootable. The caches must be regenerated on the new volume as the on-disk location of system files and applications will have changed. macOS automatically regenerates the contents of these folders when CCC is finished updating the backup volume.

NetBoot local data store

/.com.apple.NetBootX

In the unlikely event that your Macintosh is booted from a Network device, macOS will store local modifications to the filesystem in this folder. These local modifications are not stored in a restorable format, therefore should not be backed up. In general, you should not attempt to back up a NetBooted Mac.

Dynamically-generated devices

/Volumes/*
/dev/*
/automount
/Network
/.vol/*
/net

These items represent special types of folders on macOS. These should not be backed up, they are dynamically created every time you start the machine.

Quota real-time data files

/.quota.user
/.quota.group

When these files are copied to a destination volume using an atomic file copying procedure, the macOS kernel will prevent the destination from being gracefully unmounted. The contents of these files is never accurate for the destination volume, so given the kernel's unruly behavior with copies of these files, CCC excludes them. According to the quotacheck man page, these files should be regenerated every time a quota-enabled volume is mounted (e.g. on startup). We have not found that to be consistently true. If you're using quotas, run sudo quotacheck / after restarting from your backup volume or a restored replacement disk to regenerate these files.

Large datastores that are (or should be) erased on startup

/private/var/vm/*
/private/tmp/*
/cores
/macOS Install Data

macOS stores virtual memory files and your hibernation image (i.e. the contents of RAM are written to disk prior to sleeping) and temporary items in these folders. Depending on how you use macOS and your hardware configuration, this could be more than 50GB of data, and all of it changes from one hour to the next. Having this data for a full-disk restore does you absolutely no good — it makes the backup and restore processes take longer and the files get deleted the next time you boot macOS.

Trash

.Trash
.Trashes

Moving an item to the trash is typically considered to be an indication that you are no longer interested in retaining that item. If you don't want CCC to exclude the contents of the Trash, you can modify each task's filter:

Choose Copy Some Files from the popup menu underneath the Source selector
Click the Inspector button adjacent to that same popup menu to reveal the Task Filter window
Uncheck the box next to Don't copy the Finder's Trash
Click the Done button

Time Machine backups

These folders store Time Machine backups. Time Machine uses proprietary filesystem devices that Apple explicitly discourages third-party developers from using. Additionally, Apple does not support using a cloned Time Machine volume and recommends instead that you start a new Time Machine backup on the new disk.

/Backups.backupdb
/.MobileBackups
/.MobileBackups.trash
/private/var/db/com.apple.backupd.backupVerification

Corrupted iCloud Local Storage

iCloud leverages folders in your home directory for local, offline storage. When corruption occurs within these local data stores, macOS moves/renames the corrupted items into the folders indicated below. macOS doesn't report these corrupted items to you, nor does it attempt to remove them. CCC can't copy the corrupted items, because they're corrupted. To avoid the errors that would occur when trying to copy these corrupted items, CCC excludes the following items from every backup task:

Library/Mobile Documents.*
.webtmp

Special files

Files included in this section are application-specific files that have demonstrated unique behavior. The kacta and kactd files, for example, are created by antivirus software and placed into a special type of sandbox that makes them unreadable by any application other than the antivirus software.

The "com.apple.loginwindow" item can be found in each user home folder. Excluding this item prevents the applications that were open during the backup task from opening when you boot from the backup volume. This seems appropriate considering that Apple intends the feature to be used to open the applications that were in use when you log out, restart or shutdown, not at an arbitrary point during the backup task.

Starting in CCC 5.1.18, 1Password is excluded from the backup per the recommendation from the 1Password developers.

/private/tmp/kacta.txt
/private/tmp/kactd.txt
/private/var/audit/*.crash_recovery
/private/var/audit/current
/Library/Caches/CrashPlan
/PGPWDE01
/PGPWDE02
/.bzvol
/.cleverfiles
/Library/Application Support/Comodo/AntiVirus/Quarantine
/private/var/spool/qmaster
$Recycle.Bin
Library/Preferences/ByHost/com.apple.loginwindow*
.dropbox.cache
/private/var/db/atpstatdb*
/Applications/1Password*

CCC SafetyNet folders

When CCC's SafetyNet feature is enabled, CCC creates a _CCC SafetyNet folder at the root of the selected destination volume or folder. When CCC encounters an item on the destination that does not exist on the source, or an item that will be replaced with an updated item from the source, that item gets placed into the SafetyNet folder rather than being deleted immediately. The SafetyNet folder is literally a safety net for files on your destination. If you accidentally delete a file from the source and you don't realize it until after your backup task runs, you'll find the item in the SafetyNet folder. Likewise, if you accidentally specify the wrong volume as a destination to a CCC backup task, the mistake does not catastrophically delete every file from the selected destination; you simply recover the items from the _CCC SafetyNet folder.

The protection that the SafetyNet folder imparts is specific to the volume upon which the SafetyNet folder resides. As such, CCC never includes the contents of the _CCC SafetyNet folder in a backup task. So, for example, if your hard drive fails and you restore your backup to a replacement disk, the _CCC SafetyNet folder is automatically excluded from that restore task. If you have several tasks backing up to separate folders on a backup volume, for example, the _CCC SafetyNet folders that are created in those subfolders would not be included in a secondary backup task that copies your backup disk to a third disk.

Product:

ccc5

Tags:

Frequently Asked Questions (FAQ)

Advanced Topics

Does CCC have to be running for a scheduled task to run?

No. Once you have saved your tasks, you can quit CCC. Even if tasks are running, it's OK to quit CCC -- they will continue to run. A helper application, named "com.bombich.ccchelper" will be running quietly in the background, handling task operations. This helper application also loads automatically when you restart your computer, so you don't have to launch CCC again unless you want to make changes to your task configurations or scheduling.

What happens if no one is logged in when a task is scheduled to run?

The scheduled task will run whether someone is logged in to the machine or not. You can also log in or log out while tasks are running and the tasks will continue to run.

Will CCC run when the computer is turned off?

If your backup task is configured to "Wake or power on the system", CCC will schedule a "Wake or power on" event with the Power Management service and your system will turn on shortly before the task is scheduled to run.

FileVault exception

There is one notable exception to powering on the system for a scheduled task: If you have FileVault enabled on your startup disk, your computer would turn on, but it would not proceed past the FileVault authentication prompt. It is not possible for CCC to subvert this security feature, so the Wake or power on the system option will be disabled if FileVault is enabled on your startup disk. This limitation is applicable only when the system is turned off; CCC can wake a system with FileVault protection enabled and proceed to run a backup task.

Will CCC run when the my laptop's lid is closed?

If your laptop is running on battery power, the system will not wake while the lid is closed and CCC backup tasks will not run. If your laptop is plugged in to AC power, then CCC can wake the system to start your scheduled task if the lid is closed. See the section above for the settings that indicate whether a task can wake the system.

How is system sleep handled?

By default, CCC will wake your computer when your tasks are scheduled to run. You can change this setting in the Runtime Conditions section when scheduling a task. As long as your Mac is running on AC power, CCC will prevent the system from sleeping for the duration of a backup task.

Why does my laptop sometimes go to sleep during a backup task?

If your Mac is a laptop, note that CCC will only be able to wake the system or prevent idle sleep if the system is running on AC power. CCC will attempt to thwart sleep while the system is running on battery power, but macOS may sleep the system anyway if there is no user activity while running on battery power.

Why does my screen turn on shortly before a backup task starts?

By default, CCC schedules a wake event to occur 20 seconds before a scheduled task is configured to run. Whether the system is sleeping or not, macOS turns on the display when a scheduled wake event occurs, and there is nothing that CCC can do to prevent this. If you prefer that your display does not turn on, e.g. in the middle of the night, use the Run this task when the system next wakes setting instead to have CCC tasks run during macOS Dark Wake cycles (aka PowerNap, aka Maintenance Wake).

What if the backup disk is not available when a task is scheduled to run?

If your backup disk is attached to your Mac and unmounted, CCC will attempt to mount the backup volume, then proceed with the backup task if that is successful. If the volume cannot be mounted or is not attached to your Mac, CCC will, by default, report an error, then run the task immediately when the backup disk is reattached to your Mac. You can fine-tune CCC's handling of this scenario using the options at the bottom of the Scheduler panel.

Can I stop a backup task before it finishes?

Yes, you can stop the backup task at any time. The next time you run the backup task, CCC will copy only the files that have changed or were missed since the last backup task.

How can I disable/suspend a task?

If CCC's sidebar is not revealed, reveal it by choosing Show Sidebar from CCC's View menu. To disable a task, right-click on that task in the sidebar and choose Disable from the contextual menu. Use the same procedure to re-enable the task. If you would like to disable all tasks, choose Disable all tasks... from the CCC menubar application, or hold down Command+Option and choose Disable All Tasks & Quit from the Carbon Copy Cloner menu.

Can I configure a task to run immediately after the computer is turned on?

CCC doesn't offer an option specifically to run tasks on startup. Running a task immediately after the system is turned on often introduces a lot of extra disk activity that will compete with the disk activity that occurs normally during system startup. Also, it makes less sense to run backup tasks after the computer has been off, because no files have been modified while the system was off. We recommend configuring backup tasks to run sometime toward the end of your work day instead. You can also configure the task to shut down your Mac when the task completes.

If your work day does not end at a regular time, but begins at a fairly consistent time, then there may be one other option available to you. You can configure a backup task to run before your work day begins, and then configure that task to "Wake or power on the system". CCC will then schedule a "wake or power on" energy saver event, and then after the system powers on at that time, CCC will run your scheduled task. Note that this option is not available if you have FileVault enabled on your Mac's startup disk.

Use strict volume identification

This option is automatically disabled when the destination volume does not have a UUID. Network volumes and some third-party filesystems, for example, do not have volume UUIDs.

Note: This setting is only applicable to the destination volume. CCC always uses the name and UUID to positively identify the source volume.

Protect root-level items

And you have these items on the destination volume:

Find and replace corrupted files, "Backup Health Check"

Frequent use of the checksum calculation option is unnecessary and may be a burden upon your productivity, so CCC offers weekly and monthly options to limit how frequently the checksumming occurs.

What is a "corrupted" or "unreadable" file?

Using the "Find and replace corrupted files" option to verify your backup

Troubleshooting Options

Run a deletion pass first

This option will only be enabled when the SafetyNet option is disabled.

Don't update newer files on the destination

Don't preserve permissions

Don't preserve extended attributes

CCC will only back up system files to or from locally-attached macOS-formatted filesystems

macOS can only be installed on a macOS-formatted volume. This requirement is also carried to a backup volume. When system files are copied to or from non-macOS filesystems, important metadata are unavoidably lost, resulting in files that cannot be restored to their original functionality. In short, you cannot restore a functional installation of macOS from a backup stored on a non-macOS volume. To prevent any misunderstandings about this result, CCC will exclude system files from a backup task if the destination is not a locally-attached, macOS-formatted volume. Likewise, CCC will not copy system files from a network volume, e.g. if you were to mount the startup disk of another Mac via File Sharing, the system files on that network volume cannot be copied in a meaningful way.

Note that the "locally-attached" caveat is an important distinction. Even if your destination volume is macOS-formatted, if it is attached to an Airport Base Station (for example), then you're accessing the volume via file sharing. If you open the Get Info panel for the volume, you will see that the volume format is "AppleShare" or "SMB", not HFS+ or APFS. It is not possible to update an OS backup on a network volume.

Ownership and permissions concerns

Network filesystems pose some interesting challenges in regards to preserving ownership and permissions. When you connect to another computer that is hosting a shared volume, you usually authenticate by providing a username and password. The account whose credentials you provide is an account on that other computer, and it is this account's privileges that determine what access you have to files and folders on the shared volume. Additionally, any files that are copied to the shared volume will be owned by that user account, regardless of the ownership of those files on the source volume. This is not a behavior specific to CCC, it is simply the nature of network filesystems.

An example will be very helpful in understanding the implications of this behavior. Suppose Sally would like to back up some Movies from her Mac's home folder to another Mac shared by Bob and Joe. On Sally's Mac, there is a user account named "sally". On Bob and Joe's Mac, File Sharing has been enabled in the Sharing Preference Pane, and there are two user accounts, "joe" and "bob". Bob has attached an external hard drive named "Backup" to his Mac that he and Joe have been using for backup, and he has created a folder named "Sally's Movies" on this volume to which Sally will copy files. Sally does the following to connect to Bob and Joe's Mac:

In the Finder, open a new window, then click on "Bob and Joe's Mac" in the Shared section of the sidebar.
Click on the Connect as... button.
In the authentication dialog, provide Bob's username and password, then click on the Connect button.
Choose the "Backup" volume from the list of shared volumes.

The Backup volume now appears on Sally's Desktop, and in CCC's Destination selector in the Network Volumes section. Next, Sally chooses Choose a folder... from CCC's Source selector and locates the folder of movies that she would like to copy to Bob and Joe's Mac. She then chooses Choose a folder... from the Destination selector and locates the "Sally's Movies" folder on the Backup network volume. She clicks the Clone button and the Movies are backed up.

Later that day, Joe is using his computer and he notices that he can see some of the movies in the "Sally's Movies" folder, but some of the subfolders have a universal "No access" badge and he cannot view those folders' contents. This occurred for two reasons:

Sally mounted the network volume using Bob's credentials, so the files and folders created when she copied her files to the Backup volume are now owned by Bob's user account.
Some of the folders on Sally's computer prevented access by "other" users.

As a result, the folders on the Backup volume are owned by Bob and some of them limit access to other users (Joe in this case). Joe asks Sally about this and she decides to try copying some of the movies to one of Joe's folders on the backup volume. When she chooses Choose a folder... from CCC's Destination menu, however, she sees the same universal "No Access" badge on Joe's folder. Sally can't copy files to this folder (nor can CCC) because the Backup volume was mounted using Bob's credentials, and Joe's backup folder on the backup volume happened to be inaccessible to Bob. Sally unmounts the backup volume and reconnects to it using Joe's credentials, and she is then able to copy files to Joe's private folder.

What can I do when there are permissions or ownership issues that prevent CCC from copying items to/from or updating items on a network volume?

First, it is important to keep in mind that no application can modify the ownership of a file or folder on a network share. Ownership changes must be applied on the computer or device that is hosting the network volume. Additionally, permissions changes can only be made to files and folders owned by the user whose credentials were used to mount the network volume. For this reason, it is generally easier to apply both ownership and permissions changes on the computer or device hosting the network volume.

If the computer hosting the network volume is a Mac, you can modify ownership and permissions in the Get Info panel for that folder (on the Mac hosting the network volume):

In the Finder, click on the folder whose permissions or ownership you would like to change.
Choose Get Info from the File menu.
In the Sharing & Permissions section at the bottom, click on the lock icon to make the permissions editable.
To change permissions, choose Read & Write from the popup menu next to the owner of the file or folder.
If the owner of the item is not the user account that you use to connect to this Macintosh, click on the + button
In the window that appears, select the user account that you use to connect to this Macintosh, then click the Select button.
Set the access privileges to Read & Write.
Click on the Gear menu and choose to apply the change to enclosed items.
Try your backup task again.

If the computer or device that is hosting the network volume is not a Macintosh, consult that device's documentation to learn how to change permissions and ownership of files and folders.

Alternative #1: If you have mounted the network volume with Guest privileges, unmount and remount the network volume using the credentials of an account on the machine or device hosting the network volume.

Alternative #2: You can create a new folder on the shared volume and specify that folder as the destination in CCC by choosing Choose a folder... from the Destination selector.

Alternative #3: You can have CCC create a disk image on the network volume rather than copying files directly to a folder. When CCC creates a disk image on the destination, the disk image is formatted to match the source and attached locally, so CCC can preserve the permissions and ownership of the files that you are copying to it.

Limitations of non-macOS-formatted filesystems

When you choose a non-macOS-formatted volume as a destination, CCC's Cloning Coach will proactively warn you of any compatibility issues between the source and destination volumes. You can view the Cloning Coach's warnings by clicking on the yellow caution button in the Task Plan header. If you have selected a source and destination volume, and the caution button is not present, then there are no configuration concerns.

Support for third-party filesystems

CCC offers limited support for third-party filesystems, such as those provided by FUSE for OS X. Due to the large number of filesystems that can be provided by FUSE, CCC provides generic support for these "userland" filesystems rather than specific support. CCC takes a best effort approach by determining the capabilities of the source and destination filesystems, warns of potential incompatibilities, then presents only unexpected error conditions that arise during a backup.

Backing up to FUSE volumes mounted without the allow_root flag is not currently supported (e.g. Google Drive, BitCasa). Please contact the vendor of your proprietary filesystem to ask that they offer the ability to mount the volume with the allow_root flag if you would like to use that volume as a source or destination to a CCC backup task.

Google Drive File Stream is a special case. We've seen odd behavior when selecting Google Drive File Stream volumes as a whole as the source or destination for a task – CCC is unable to read the root folder during a backup task. CCC explicitly disallows that configuration. Selecting a subfolder on the Google Drive volume does work, though, and CCC allows that configuration. There is one other notable concern with Google Drive File Stream – Google Drive will download files when they are accessed if they do not currently reside on your Mac's hard drive. If you specify a Google Drive folder as the source to a backup task, you should anticipate that cloud-only files may be downloaded to your Mac during the backup task. That behavior lies outside of CCC's purview, it cannot be modified with a CCC task setting.

The Western Digital MyCloud Home NAS device is another special case. The "Home" model of this NAS device requires the use of WD-proprietary software to access the storage securely; direct access to the storage via SMB is only available with Guest privileges. Users report that performance of the storage while using WD's software is subpar in comparison to Guest access via SMB, and other users have reported to us that macOS is unable to create or mount disk images on the storage when mounted via Western Digital's software. When you mount WD MyCloud Home NAS storage using WD's software, the volume is vended by a 'kddfuse' filesystem. CCC won't allow these volumes as a source or destination device. To back up to a WD MyCloud Home NAS, mount the storage via SMB in the Finder instead. Be sure to choose the "Guest" user option when prompted to authenticate, because the MyCloud Home device doesn't support authenticated access via SMB.

Writable NTFS filesystems

We have seen several reports of problems copying large amounts of data (e.g. > 4GB) to writable NTFS filesystems. In most cases, the underlying software that vends the filesystem (e.g. Tuxera, Paragon, and others) crashes and the volume is rendered "mute". While it may be possible to complete a backup to these filesystems in chunks (e.g. 4GB at a time), we recommend using a more reliable, writable filesystem if you encounter these problems.

Backing up a Boot Camp installation of Windows

CCC can back up the user data on a Boot Camp volume, but it cannot make an installation of Windows bootable. If your goal is to back up your user data on the Boot Camp volume, CCC will meet your needs. If you're looking to migrate your Boot Camp volume to a new hard drive, you might consider an alternative solution such as WinClone, or one of the commercial virtualization solutions that offer a migration strategy from Boot Camp.

Backing up the contents of an NTFS volume

The NTFS filesystem supports "named streams", a feature that is comparable to extended attributes on macOS-formatted volumes and many other filesystems. Unlike extended attributes, however, there is no limit to the amount of data that can be stuffed into NTFS named streams (aside from standard file size limitations). Extended attributes on macOS have a 128KB size limit. As a result, any attempts to copy a named stream larger than 128KB to a non-NTFS filesystem will fail. CCC will copy the standard file data just fine, but will not copy named streams larger than 128KB. CCC's Cloning Coach will warn of this kind of incompatibility, and any errors related to this limitation will be logged to the CCC log file, however these errors will not be raised to your attention.

This limitation applies when copying files between volumes on Windows as well, so application developers tend to use named streams only for data that can be regenerated (e.g. thumbnail icons, summary or statistical information), not for storage of irreplaceable user data.

NAS service failures can lead to unreliable backups

Access to the contents of a network volume is provided by an application that runs on another computer or Network Attached Storage (NAS) device. Every NAS device and operating system has its own vendor-specific version of the file sharing application, so we occasionally see problems with some NAS devices that don't occur on others. Problems can be minor, such as being unable to set file flags (e.g. hidden, locked) on an item, or more significant, like not being able to store or retrieve resource forks. When these problems are encountered during a backup task, CCC will copy as many files and as much data as possible, then offer a report on the items or attributes that could not be copied.

When you encounter an error caused by the file sharing service that hosts your network volume, there are a few workarounds that you can try to avoid the errors:

Eject the network volume on your Mac, then restart the computer or NAS device that is hosting the network volume. Reconnect to the network volume and try the backup task again.
Connect to the network volume using a different protocol. A different application is responsible for each protocol, so if the AFP service on your server has a bug, connecting to the SMB service may work more reliably (and vice versa). Choose Connect to server from the Finder's Go menu, then specify "smb://servername.local/volume" or "afp://servername.local/volume" to connect to the server using a different protocol. If you are unsure which protocol you are currently using, click on the mounted volume in the Finder, then choose Get Info from the Finder's File menu to find out.
If the errors persist when connecting to the network volume via both AFP and SMB, and restarting the file server does not change the outcome, then we recommend that you back up to locally-attached storage instead.

Some SMB services cope poorly with files and folders with special characters

Some SMB file sharing services will automatically rename files to "DOS compatible" names, or simply issue errors when working with various file names. In particular, files or folders that start or end with a space character, or names that contain a colon character (":") are unacceptable. When the SMB file sharing service encounters files or folders with these disallowed characters, it will automatically rename these items, e.g. " filename.txt" would become "_1CZVG~B". This "mangling" of file and folder names inevitably leads to errors during a backup task. To avoid these errors, you should either rename the offending files on the source, or connect to the NAS device using AFP rather than SMB. Choose Connect to server from the Finder's Go menu, then specify "afp://servername.local/volume" to connect to the server using a different protocol.

Possible workaround: If you can modify the configuration of the SMB file sharing service on your NAS, then you may be able to prevent the service from "mangling" these file names. The applicable setting is documented here.

Product:

ccc5

Tags:

Frequently Asked Questions (FAQ)

Advanced Topics

Can I back up an encrypted volume to a non-encrypted volume?

Yes.

If I back up an encrypted volume to a non-encrypted volume, will the copied files be encrypted on the destination?

Will Carbon Copy Cloner enable encryption on my backup volume?

Do I have to wait for encryption to complete before rebooting from my production volume?

No. Once you have enabled encryption on the backup volume, you can reboot from your production startup disk and the encryption process will continue in the background.

What password do I use to unlock my encrypted volume?

If you erased your backup volume as encrypted in Disk Utility, then you will use the password that you specified in Disk Utility to unlock the volume.

What happens if I change my account password on the source volume? Does the encryption password on the backup volume get updated automatically?

Choose the backup volume as the startup disk in the Startup Disk preference pane and restart your computer. You will be required to provide the old password to unlock the volume on startup.
Open the Users & Groups preference pane in the System preferences application.
Click on the user whose password was reset on the source volume and reset that user's password again. Resetting the password while booted from the backup volume will update the encryption key for that user on the backup volume.
Reset the password for any other user accounts whose password was reset on the original source.

I enabled encryption on my 3TB USB backup disk. Why can't I boot from that volume any more?

Can I create a bootable backup on a pre-encrypted volume? Why do you recommend cloning to a non-encrypted volume first?

You get a sanity check that a recovery volume exists (this avoids spending lots of time copying files only to find out that the volume might not be bootable)
You get the opportunity to store a recovery key with Apple
You can unlock the disk with selected accounts
You get a nicer UI on startup to unlock the disk (e.g. it's similar to the LoginWindow interface), vs. a less-polished looking Unlock Disk interface
APFS-specific: You avoid a 24-second startup delay that occurs when the system can't find the "disk" user in the system's directory service on a pre-encrypted APFS volume.

Erase the destination device (unencrypted!)
Click on the freshly-erased disk in CCC's sidebar and create a recovery volume on that disk
Go back to Disk Utility and erase the volume now, not the whole disk (as was emphasized in the instructions above). Now you can choose the option to encrypt the volume. By erasing just the volume here, not the whole disk, the hidden recovery partition that CCC created won't be destroyed.
Open CCC and configure your backup task

I restored my backup to another Mac that had FileVault enabled, and now I can't unlock the cloned volume.

I can't enable FileVault, I'm told that my account cannot be used to manage encryption on this Mac

The Startup Security Utility reports that authentication is needed, but no administrators can be found

After cloning to an APFS volume that previously had FileVault enabled, the destination can't be unlocked on startup

After cloning to an APFS Encrypted volume there is a 24-second stall during startup

All of these conditions are caused by the same underlying problem: users on the affected volume do not have access to the volume's Secure Token. There are generally two ways to get to this result:

The volume was erased as an encrypted volume, thus no user account was associated with the unlocking of that volume, or
The user accounts that are allowed to unlock the disk belonged to some previous installation of macOS on that volume

Manually regenerating a SecureToken

sysadminctl interactive -secureTokenOn yourname -password -

I don't want to erase my destination again, is there any way to fix this?

diskutil ap decrypt "/Volumes/CCC Backup"

After decrypting the backup volume, you can then boot from it and enable FileVault in the Security & Privacy Preference Pane in the System Preferences application.

Mojave+ only: Grant Full Disk Access to the Terminal application
Open the Terminal application and run the following commands, substituting your own volume name as applicable:
sudo rm "/var/db/.AppleSetupDone" sudo rm "/var/db/dslocal/nodes/Default/secureaccesstoken.plist"
Restart the system
Setup Assistant will ask you to create a new user. Create the new user account with default settings. A simple name like "tokenuser" will do, don't login with an Apple ID.
Immediately log out of the new user account, and log in using one of your own admin user accounts.
Open the Terminal application and run the following commands, substituting your own user names as applicable:
sysadminctl -secureTokenOn youraccount -password - -adminUser tokenuser -adminPassword - sysadminctl interactive -deleteUser tokenuser

Related Apple Bug Reports

rdar://46168739 — diskutil updatePreboot doesn't remove deleted crypto users

My YubiKey authentication device can't unlock my encrypted backup volume on startup

Product:

ccc5

Tags:

Advanced Topics

CCC is fully qualified for use with FileVault-protected volumes (HFS+ and APFS). CCC offers some advice around enabling encryption in the Disk Center.

Enabling encryption on a volume that contains (or will contain) an installation of macOS

If your goal is to create a bootable, encrypted backup, use the following procedure:

Follow CCC's documentation to properly format the destination volume. Do not format the volume as encrypted. Choose APFS if your Mac is a T2 Mac (e.g. iMac Pro, 2018 MacBook Pro; see the full list here).
Use CCC to back up your startup disk to the unencrypted destination volume.
If you're running an OS older than Mojave, select the destination volume in CCC's sidebar, then click the Recovery HD button to create a Recovery HD volume. Note: You must be logged in to an administrator account to perform this step. This step is unnecessary if your destination is an APFS-formatted volume.
In the Startup Disk preference pane in the System Preferences application, select the backup volume as the startup disk and restart.
Enable FileVault encryption in the Security & Privacy preference pane of the System Preferences application.
In the Startup Disk preference pane in the System Preferences application, select your production startup volume as the startup disk and restart.
Configure CCC for regular backups to your encrypted backup volume.

You do not have to wait for the conversion process to complete before rebooting from your production startup disk

Additionally, you do not have to wait for the conversion process to complete before using your backup disk. You can simply enable FileVault encryption, then immediately reboot from your primary startup disk and the conversion process will carry on in the background. Encryption will continue as long as the backup disk is attached. macOS doesn't offer a convenient method to see conversion progress, but you can type diskutil apfs list (or diskutil cs list if the applicable volume is HFS+ formatted) in the Terminal application to see conversion progress. Some users have found that conversion may not resume until you log in to an admin account while booted from your production startup volume, so try that if conversion appears to be stalled.

🔌 Keep your Mac plugged into AC power for the duration of encryption conversion

We have received a handful of reports from macOS Catalina users indicating that encryption conversion remains permanently paused if AC power is removed during the encryption conversion process. We have been unable to reproduce this result in our test lab — typically encryption conversion pauses when AC power is removed, but then resumes when AC power is restored. The number of reports to us, however, suggests that there is some underlying problem that may be new to macOS Catalina. To avoid this result, we recommend that you keep your Mac plugged in to AC power for the duration of encryption conversion. If you see an indication that encryption conversion is paused, try leaving the system plugged into AC overnight.

What if I don't want my personal data to ever be on the destination in unencrypted form?

Enabling FileVault on the destination means that the volume starts out unencrypted, and then over the course of several hours the data is encrypted in place. If the encryption conversion process completes successfully, then for most intents and purposes, no trace of the unencrypted data will be left on that disk. There are some caveats however. If your backup volume is an SSD, and if you delete files from the SSD prior to enabling encryption, then the SSD may automatically move the not-yet-encrypted underlying blocks out of rotation (for wear leveling), and those data could be recoverable by experts. Likewise, if the conversion process fails for any reason, then the data on that disk is potentially recoverable. If either of these scenarios is not acceptable, then we recommend that you exclude any sensitive data from the initial backup task. Don't exclude your whole home folder — you must include at least one folder from your home directory so that you can log in to that account on the backup.

After you have booted from the backup volume and enabled FileVault, you can then reboot from the production startup disk, remove the exclusions from your backup task, then run the backup task again to copy the remainder of your data. Any data that is copied to a volume that is in the midst of encryption conversion will be encrypted immediately.

Enabling encryption on a volume that will not contain an installation of macOS

If your backup volume won't be a bootable backup of macOS, simply right-click on that volume in the Finder and choose the option to encrypt the volume. If your Mac is running macOS High Sierra or later, please note that macOS will convert an HFS+ formatted volume to APFS when you enable encryption in this manner.

Finder option

Mounting the source or destination volume before a backup task begins

Without any additional configuration, CCC will attempt to mount your source and destination volumes before a backup task begins. This applies to many different volume types — ordinary volumes on locally-attached hard drives, disk images, network volumes, encrypted volumes – even encrypted volumes on remote Macs. If your source or destination volume is on a disk that is physically attached to your Mac (e.g. via Thunderbolt or USB), but it is not mounted, CCC can "see" that device and will attempt to mount it. If your source or destination is a network volume, CCC will obtain the credentials that you use to mount that device when you create the backup task, and will use those credentials to mount the volume before the task begins.

This also applies for nested volumes. For example, suppose you are backing up to a disk image on a network volume. CCC will first attempt to mount the network volume, then it will attempt to mount the disk image. Likewise, suppose you have a task configured to back up the contents of a folder on an encrypted volume. If you have saved the encrypted volume's passphrase in CCC's keychain, CCC will unlock and mount the encrypted volume before the backup task begins.

CCC's attempts to mount the source and destination volumes occur automatically before any other tasks, including pre clone shell scripts (described below), therefore it is not necessary to implement a shell script to pre-mount the source or destination.

Little Snitch may prevent the automated mounting of network volumes

If you're using Little Snitch to monitor and filter your inbound and outbound network traffic, you may find that CCC has trouble automatically mounting a network volume. If you run into this problem, configure Little Snitch to allow network access to the NetAuthSysAgent system service. NetAuthSysAgent is the macOS system service that fulfills application requests to mount network volumes.

SafetyNet Pruning

SafetyNet pruning is covered in more detail in this section of CCC's documentation.

Destination volume options

If you would like CCC to unmount your destination volume at the end of the backup task, choose Unmount the destination volume from the Destination volume management menu. If your destination is a folder, the text will be Unmount the underlying volume. If the destination is a disk image, CCC always unmounts the disk image volume, so this setting refers to the underlying physical volume upon which the disk image resides.

CCC will not forcefully unmount the destination volume. If an application has open files on the destination volume, CCC's attempt to unmount the volume will fail. CCC does not report this as an error, though it will make a note of it in the Task History window.

Yosemite users have an option to set the destination volume as the startup disk. Starting in El Capitan, however, Apple's System Integrity Protection prevents third-party applications from changing the startup disk setting. We do not recommend disabling System Integrity Protection to make this feature work, rather we recommend that you use the Startup Disk Preference Pane to change the startup disk selection.

Power management options

By default, at the end of a backup task, CCC will not perform any power management tasks. Instead, the system will perform as defined by the settings in the Energy Saver preference pane. For example, if you have the system configured to idle sleep after 20 minutes, the system will go to sleep if there hasn't been any user activity in the last 20 minutes. CCC activity is not considered user activity, so often the system will go to sleep immediately after CCC finishes a backup task.

If you choose one of the options from the Power management menu, CCC will reboot or shut down your Mac when the backup task finishes. The reboot and shutdown options are not forceful. If you have a document open with unsaved modifications, for example, the application would prompt you to save the document. If a save dialog is not attended to, the shutdown or reboot request will time out.

Turn off the computer if it was previously off

If your backup task is scheduled to run on a regular basis, this option will be enabled in the Power Management popup menu. This option is applicable if you would like to have CCC shut down your Mac at the end of the task, but only in cases where the Mac was booted at the task's scheduled run time. If your backup task runs when the system has been on for a while or has been sleeping, CCC will not shut down the Mac when using this option.

Power Management options are ignored in some cases

Power management options will not be applied to backup tasks that are cancelled (e.g. you click the Stop button). Additionally, power management tasks will not be applied if other CCC backup tasks are running or queued to run immediately after the current task finishes running. If your task is running as part of a Task Group, power management options will be deferred to when all tasks within the group have completed.

Power Management options are applied regardless of task success

Power management options will be applied whether the backup task completes successfully or not. If you prefer for a backup task to perform the power management action only when the backup task exits without error, see the pm_on_success.sh postflight script below.

Run another backup task (task chaining)

If you have more than one CCC backup task configured, the other tasks will be listed in this popup menu. To create a task chain (e.g. to run tasks sequentially), simply choose one of these tasks to have that task run automatically after the current task finishes. Tasks run in this manner will start after the current task has finished completely. Chained tasks will run regardless of the exit status of a preceding task in the chain, e.g. if the first task reports errors or fails to run at all, the second task will still run. Only the first task in a chain needs to be scheduled to start the chain.

Note: Postflight tasks will not be started if the current task was started via a task group. When you run a task group, we're specifically aiming to run exactly the tasks within that task group, and within the order specified. If you run the task manually, however, or if the task is run separately from the group on its own schedule, then the task's postflight task will be run.

Running shell scripts before and after the backup task

If there is functionality that you need that does not exist within CCC, pre and post clone shell scripts may be the solution for you. Pre clone shell scripts run after CCC has performed "sanity" checks (e.g. are the source and destination volumes present, is connectivity to a remote Macintosh established) but before copying files. If you need your preflight script to run before CCC does the source/destination sanity checks, specify the preflight script as a global preflight script in the Advanced section of CCC's Preferences window. Note that global preflight scripts run prior to every task, they are not task-specific. Also, please bear in mind that CCC automatically attempts to mount the source and destination at the beginning of the task, you should not be implementing a shell script to achieve that functionality. If you're having trouble with CCC pre-mounting the source and destination, please ask us for help rather than attempt to address the issue with a preflight shell script.

Post-clone shell scripts run after CCC has finished copying files and performing its own internal cleanup, but before unmounting any volumes.

CCC passes several parameters to pre and post clone shell scripts. For example, the following shell script:

#!/bin/sh echo "Running $0" echo `date` echo "Source: $1" echo "Destination: $2" echo "Third argument: $3" # Exit status for post-clone scripts, underlying volume path for a disk image for pre-clone scripts echo "Fourth argument: $4" # Destination disk image path, if applicable

Would produce the following output (you can redirect this output to a file of your own specification) if implemented as a post clone script:

Running /Library/Application Support/com.bombich.ccc/Scripts/postaction.sh Wed Oct 8 21:55:28 EDT 2014 Source: / Destination: /Volumes/Offsite Backup Third argument: 0 Fourth argument:

First parameter

The path to the source volume or folder. If the source volume is APFS-formatted, then this path will usually be the path to a temporary, read-only snapshot of the source (or the path to the source folder on the temporary, read-only snapshot). On macOS Catalina and later, if the source volume is a System volume, CCC will send the path to a snapshot of the Data sibling of the source as the first parameter.

Second parameter

The path to the destination volume or folder. If the destination is a disk image, this is the path to the mounted disk image. On macOS Catalina and later, if the destination volume is a System volume, CCC will send the path to the Data sibling of the destination as the second parameter, e.g. "/Volumes/Clone - Data".

Third parameter

Pre clone script: The underlying mountpoint for the volume that holds the destination disk image, if applicable.
Post clone script: The exit status of the file copying phase of the backup task.

Fourth parameter

The path to the destination disk image, if applicable.

If your pre clone script exits with a non-zero exit status, it will cause CCC to abort the backup task. This can be used to your advantage if you want to apply preconditions to your backup operation. If you want to be certain that errors in your pre clone shell script never cause the backup task to be aborted, add "exit 0" to the end of your script. If you would like that script to silently cancel the backup task, add "exit 89" to the end of the script. If the script is a global preflight script (specified in the Advanced section of CCC's Preferences window), you can add "exit 104" to the end of the script to cancel the backup task and to avoid recording a Task History event.

The post clone script will run whether the backup task exits successfully or not. If your script should behave differently depending on the result of the task, you can test whether the third parameter is zero (an exit status of "0" means the task ended successfully). For example:

#!/bin/sh source="$1" dest="$2" exitStatus=$3 if [ "$exitStatus" = "0" ]; then # task succeeded else # task failed or reported errors # Note: Do not assume that $source and $dest are populated # These will be empty if source or destination validation fails fi

If your postflight script exits with a non-zero exit status, CCC will not report this as a failure of the backup task. The failure will be noted in the Task History window, however.

AppleScripts are not supported

You cannot specify an AppleScript as a pre or post clone script, CCC currently only supports running shell scripts.

Shell scripts require a shell interpreter line

CCC does not assume a default shell environment when running your pre or postflight script. Not doing so gives users a great deal of flexibility; they can choose to write their scripts in any shell or programming language (e.g. bash, python, perl, ruby, C). For CCC to execute a shell script as an application, though, the system needs to know what shell should be used to interpret the script, and that value needs to be defined in your shell script. This is done simply by placing a shell interpreter line at the top of the file, e.g. #!/bin/sh.

Shell scripts run as the root user

CCC's pre and post clone shell scripts are executed as the System Administrator (aka "root"). As such, any references to your own shell environment will be invalid. When referencing tools that lie outside of the default $PATH, be sure to either specify the full path to the item (e.g. /usr/local/bin/foo), or export your own $PATH at the top of your script. Likewise, if you make relative references to files (e.g. ~/Desktop/foo.log), those files will be created in the root user account, e.g. /var/root/Desktop/foo.log. Use absolute paths for more reliable results.

Security implications of pre and post clone shell scripts

To prevent unauthorized modifications to your shell scripts, we recommend that you restrict the ownership and permissions of these scripts and to the folder in which they are contained. The parent folder and scripts should be writable only by the root user. For example, running the following in the Terminal application would secure any shell scripts located in the default location for pre and post clone scripts:

sudo chown -R root:wheel /Library/Application\ Support/com.bombich.ccc/Scripts sudo chmod -R 755 /Library/Application\ Support/com.bombich.ccc/Scripts

To further enhance the security of your pre and postflight scripts, CCC will require that scripts stored in the default location are owned by the root user and writable only by the root user, and that the Scripts folder itself is also owned and writable only by the root user. If a script that resides within the default Scripts folder does not meet these requirements, CCC will refuse to execute that script and the associated task will report an error.

After copying scripts into CCC's Scripts folder or making changes to those scripts, you can choose "Secure CCC's Scripts folder" from CCC's Utilities menu to correct any ownership or permissions concerns. Please note that these additional security requirements are only applied to scripts stored within the /Library/Application Support/com.bombich.ccc/Scripts folder. If you prefer to manage the security of your shell scripts on your own, you may store them in another location.

Example pre and post clone shell scripts

To use any of these example scripts, download the script and place it somewhere on your startup disk. By default, CCC looks in /Library/Application Support/com.bombich.ccc/Scripts.

parallels_pause.sh
This is a pre clone script that you can use to pause all currently-running Parallels VM containers. This script will also retain state information that can be read by the corresponding parallels_start.sh post clone script to resume these VMs after the backup task has completed. Note: This script relies on command-line tools offered only in Parallels Desktop for Mac Pro or Business Edition. Note #2: This script isn't necessary if your VM resides on an APFS-formatted volume. CCC will use a snapshot of the source, so pausing the VM is unnecessary.

parallels_start.sh
This post clone script will resume any Parallels VM containers that were suspended by the parallels_pause.sh pre clone script. Note: This script relies on command-line tools offered only in Parallels Desktop for Mac Pro or Business Edition.

play_sound.sh
If you want to play a unique sound, use this script. You can plug in the path to any audio file of your liking or try one of the examples included.

eject_source_and_destination.sh
CCC's option to automatically unmount the destination volume is a volume-level task, not a device task. It's also limited to the destination. If you want to eject the destination device, or if you want to unmount or eject the source, use this post clone script instead. Note that ejecting a device will unmount all volumes on the device. Also note that this example script adds a 60-second delay to accommodate macOS's desire to automatically regenerate various cache files. This delay can be adjusted if necessary by editing the script.

pm_on_success.sh
This post clone script will perform the requested power management option (e.g. shutdown, restart, sleep) at the end of the backup task if the backup task completes without errors. Use this in lieu of one of the Power Management postflight options if you prefer the power management action does not occur when a task ends with errors (e.g. if the destination volume is missing).

quit_application.sh and open_application.sh
This pair of scripts can be used to quit and open an application before and after the backup task. Open these scripts in a text editor to define the application that should be quit or opened.

post_to_slack.sh
This postflight script will post the status of your backup task to a Slack channel.

ifttt_maker.sh
This postflight script will post an IFTTT Maker Event of the status of your backup task.

Product:

ccc5

Tags:

Advanced Topics

CCC will only back up system files to or from locally-attached macOS-formatted filesystems

Ownership and permissions concerns

In the Finder, open a new window, then click on "Bob and Joe's Mac" in the Shared section of the sidebar.
Click on the Connect as... button.
In the authentication dialog, provide Bob's username and password, then click on the Connect button.
Choose the "Backup" volume from the list of shared volumes.

Sally mounted the network volume using Bob's credentials, so the files and folders created when she copied her files to the Backup volume are now owned by Bob's user account.
Some of the folders on Sally's computer prevented access by "other" users.

What can I do when there are permissions or ownership issues that prevent CCC from copying items to/from or updating items on a network volume?

If the computer hosting the network volume is a Mac, you can modify ownership and permissions in the Get Info panel for that folder (on the Mac hosting the network volume):

In the Finder, click on the folder whose permissions or ownership you would like to change.
Choose Get Info from the File menu.
In the Sharing & Permissions section at the bottom, click on the lock icon to make the permissions editable.
To change permissions, choose Read & Write from the popup menu next to the owner of the file or folder.
If the owner of the item is not the user account that you use to connect to this Macintosh, click on the + button
In the window that appears, select the user account that you use to connect to this Macintosh, then click the Select button.
Set the access privileges to Read & Write.
Click on the Gear menu and choose to apply the change to enclosed items.
Try your backup task again.

If the computer or device that is hosting the network volume is not a Macintosh, consult that device's documentation to learn how to change permissions and ownership of files and folders.

Alternative #2: You can create a new folder on the shared volume and specify that folder as the destination in CCC by choosing Choose a folder... from the Destination selector.

Limitations of non-macOS-formatted filesystems

Support for third-party filesystems

Support for Google Drive is "best effort". We've seen odd behavior when selecting Google Drive File Stream volumes as a whole as the source or destination for a task – CCC is unable to read the root folder during a backup task. CCC explicitly disallows that configuration. Selecting a subfolder on the Google Drive volume often works, and CCC will not disallow that configuration, however we frequently receive reports of inconsistent results when backing up to Google Drive, so we cannot offer support for this configuration.

There is one other notable concern with Google Drive File Stream – Google Drive will download files when they are accessed if they do not currently reside on your Mac's hard drive. If you specify a Google Drive folder as the source to a backup task, you should anticipate that cloud-only files may be downloaded to your Mac during the backup task. That behavior lies outside of CCC's purview, it cannot be modified with a CCC task setting.

Writable NTFS filesystems

Backing up a Boot Camp installation of Windows

Backing up the contents of an NTFS volume

NAS service failures can lead to unreliable backups

When you encounter an error caused by the file sharing service that hosts your network volume, there are a few workarounds that you can try to avoid the errors:

Eject the network volume on your Mac, then restart the computer or NAS device that is hosting the network volume. Reconnect to the network volume and try the backup task again.
Connect to the network volume using a different protocol. A different application is responsible for each protocol, so if the AFP service on your server has a bug, connecting to the SMB service may work more reliably (and vice versa). Choose Connect to server from the Finder's Go menu, then specify "smb://servername.local/volume" or "afp://servername.local/volume" to connect to the server using a different protocol. If you are unsure which protocol you are currently using, click on the mounted volume in the Finder, then choose Get Info from the Finder's File menu to find out.
If the errors persist when connecting to the network volume via both AFP and SMB, and restarting the file server does not change the outcome, then we recommend that you back up to locally-attached storage instead.

Some SMB services cope poorly with files and folders with special characters

Another common issue that people encounter when copying files to a NAS volume is errors that are the result of a name restriction. For example, Synology NAS devices (and many others) disallow file names that start with .lock, CON, PRN, AUX, NUL, COM0 - COM9, LPT0 - LPT9, _vti_, desktop.ini, any filename starting with ~$. These NAS devices often produce bogus error codes in these cases, e.g. "File name too long". Some NAS devices have specific character restrictions as well, e.g. NAS devices that follow the Microsoft OneDrive naming conventions, which exclude " * : < > ? / \ |, and leading and trailing spaces in file or folder names also aren't allowed.

Product:

ccc5

Tags:

Advanced Topics

A welcome side-effect of cloning one volume to another is that the files on the resulting volume are largely defragmented. While fragmentation is not as significant of an issue as it used to be (e.g. in the Mac OS 9 days), people that have begun to fill the last 10-15% of their boot volume may see some performance benefit from defragmentation. If you find yourself in this situation, this is also a really good time to consider migrating to a larger hard drive altogether, or to an SSD, which is not affected by fragmentation.

Defragmentation is a natural result of backing up your data to an empty backup volume. Simply prepare your backup volume for use with Carbon Copy Cloner, then use CCC to clone your source volume to your destination volume.

"Clone, wipe, restore"— think twice before you wipe that original volume

It may be really tempting to do the following:

Clone your boot volume — the one with your lifetime of irreplaceable data — to another hard drive
Boot your Mac from that cloned volume
Use Disk Utility to wipe the original volume
Restore the cloned volume to the original volume

Very quickly you'll be booted back up from your boot volume and you'll have a backup to boot, right? In most cases, this would work out great for you, and you'd be fine. There are two really good reasons, however, to stop after the second step and take a breather:

As soon as you erase the original volume, you're down to one copy of your data — you have no backup. The restore task will stress both the source and destination disks with massive reads and writes. If either disk were on the verge of failure, this level of stress could push it over.
You really should take the time to verify your backup. I trust CCC with my data, but do I trust that I asked it to copy the right items? Did my destination disk turn out to be a lemon?

The Best Practice for defragmenting your hard drive

Establish a backup regimen to a primary backup volume. Test your backups regularly.
Quit open applications and use CCC to update your backup one last time.
Use CCC to clone your hard drive to some physical volume other than your primary backup.
Boot from the cloned volume.
Use Disk Utility to reformat your original volume.
Use CCC to restore your cloned volume back to the original volume.
Boot from the original volume.

Performance upon first boot from a cloned volume will always be slightly slower than normal as Spotlight reindexes your data. When the system has "settled down", you will be able to evaluate whether the defragmentation has offered any performance benefit.

Product:

ccc5

Tags:

Advanced Topics

CCC is fully qualified for use with FileVault-protected volumes (HFS+ and APFS). CCC offers some advice around enabling encryption in the Disk Center.

Enabling encryption on a volume that contains (or will contain) an installation of macOS

If your goal is to create a bootable, encrypted backup, use the following procedure:

Follow CCC's documentation to properly format the destination volume. Do not format the volume as encrypted. Choose APFS if your Mac is a T2 Mac (e.g. iMac Pro, 2018 MacBook Pro; see the full list here).
Use CCC to back up your startup disk to the unencrypted destination volume.
If you're running an OS older than Mojave, select the destination volume in CCC's sidebar, then click the Recovery HD button to create a Recovery HD volume. Note: You must be logged in to an administrator account to perform this step. This step is unnecessary if your destination is an APFS-formatted volume.
In the Startup Disk preference pane in the System Preferences application, select the backup volume as the startup disk and restart.
Enable FileVault encryption in the Security & Privacy preference pane of the System Preferences application.
In the Startup Disk preference pane in the System Preferences application, select your production startup volume as the startup disk and restart.
Configure CCC for regular backups to your encrypted backup volume.

You do not have to wait for the conversion process to complete before rebooting from your production startup disk

🔌 Keep your Mac plugged into AC power for the duration of encryption conversion

What if I don't want my personal data to ever be on the destination in unencrypted form?

Enabling encryption on a volume that will not contain an installation of macOS

Finder option

Filesystem implementation details

.HFS+ Private Directory Data*
/.journal
/.journal_info_block
.afpDeleted*
._*
.AppleDouble
.AppleDB
/lost+found
Network Trash Folder
.TemporaryItems

Volume-specific preferences

.metadata_never_index
.metadata_never_index_unless_rootfs
/.com.apple.timemachine.donotpresent
.VolumeIcon.icns
/System/Library/CoreServices/.disk_label*
/TheVolumeSettingsFolder

Apple-proprietary data stores

.DocumentRevisions-V100*
.Spotlight-V100
/.fseventsd
/.hotfiles.btree
/private/var/db/systemstats

Volume-specific cache files

/private/var/db/dyld/dyld_*
/System/Library/Caches/com.apple.bootstamps/*
/System/Library/Caches/com.apple.corestorage/*

NetBoot local data store

/.com.apple.NetBootX

Dynamically-generated devices

/Volumes/*
/dev/*
/automount
/Network
/.vol/*
/net

These items represent special types of folders on macOS. These should not be backed up, they are dynamically created every time you start the machine.

Quota real-time data files

/.quota.user
/.quota.group

Large datastores that are (or should be) erased on startup

/private/var/vm/*
/private/tmp/*
/cores
/macOS Install Data

Trash

.Trash
.Trashes

Choose Copy Some Files from the popup menu underneath the Source selector
Click the Inspector button adjacent to that same popup menu to reveal the Task Filter window
Uncheck the box next to Don't copy the Finder's Trash
Click the Done button

Time Machine backups

/Backups.backupdb
/.MobileBackups
/.MobileBackups.trash
/private/var/db/com.apple.backupd.backupVerification

Corrupted iCloud Local Storage

Library/Mobile Documents.*
.webtmp

Special files

/private/tmp/kacta.txt
/private/tmp/kactd.txt
/private/var/audit/*.crash_recovery
/private/var/audit/current
/Library/Caches/CrashPlan
/PGPWDE01
/PGPWDE02
/.bzvol
/.cleverfiles
/Library/Application Support/Comodo/AntiVirus/Quarantine
/private/var/spool/qmaster
$Recycle.Bin
Library/Preferences/ByHost/com.apple.loginwindow*
.dropbox.cache
/private/var/db/atpstatdb*

CCC SafetyNet folders

Product:

ccc5

Tags:

Frequently Asked Questions (FAQ)

Advanced Topics

Note: The topics in this article are not relevant to APFS-formatted destination volumes that have CCC snapshot support enabled. For those volumes, CCC leverages snapshots to implement the SafetyNet functionality, and the snapshots aren't affected by any of the shortcomings described here.

How do I restore files from the _CCC SafetyNet folder?

CCC's SafetyNet folder ("_CCC SafetyNet") is excluded from CCC's backup tasks by default because it contains older versions of modified files, and files that were deleted from the source volume. Typically when you restore data from your backup volume, you will want to avoid restoring the items in this folder, choosing instead to restore the most recent backup of your files.

If there is something that you would like to restore from the CCC SafetyNet folder, a drag and drop restore in the Finder is usually the easiest way to do so. If you would like to restore many items, or merge them into an existing folder, choose Choose a folder... from CCC's Source selector and choose the folder from which you would like to restore. If you choose the _CCC SafetyNet folder as the source, note that the full path to your archived files will be preserved, e.g. 2017-07-27 (July 27) 14-11-18/Users/fred/Documents/some file.pdf. In most cases, you will want to choose a subfolder within the archives folder as your source. Likewise, choose Choose a folder... from CCC's Destination selector and select the specific folder that you want to restore items into.

Why can't I open some files in the _CCC SafetyNet folder?

When CCC evaluates the items on your destination and determines whether they should be archived or left in place, it does so on a file-by-file basis. This poses a challenge for bundle files — files that are actually a folder of files, but presented by the Finder as a single file. As a result, bundle files (e.g. applications, some types of libraries, some custom file types) may appear in an incomplete form within the CCC SafetyNet folder.

Unless all of the components within a bundle file are modified, only the items that have been updated will be present. Incomplete bundle files are generally not useful on their own, but their contents can be. For example, if you accidentally deleted a photo from your iPhoto library, you would be able to recover that lost photo from the archived iPhoto library bundle. To reveal the content of an incomplete bundle file in a CCC SafetyNet folder, right-click (or Control+click) on the item and choose Show package contents from the contextual menu.

Can I restore a previous version of the OS using one of the archives in the _CCC SafetyNet folder?

No. CCC's SafetyNet folder is not intended to offer a method for rolling back software updates, OS restores should always be done from the complete backup at the root level of your destination, or from a snapshot.

I deleted files from my startup disk to make more room, but now it's hard to find some of those files on my backup volume

This generally isn't a concern for ordinary "flat" file types, but it it can be a concern for certain applications that store lots of files in a single, monolithic-appearing container file. Some applications offer highly customized interfaces to access a specific file type. Photos, for example, allows you to manage tens of thousands of photo files. These files are all stored in a proprietary bundle file in your home folder, but because photos are so easy to organize within Photos, many people don't consider how those files are organized on the hard drive. Usually you really don't have to either. That is, of course, until you can no longer use Photos to access your photo files, and that's exactly what happens when you delete files from your Photos library, abandoning them to the SafetyNet folder on your backup volume.

If you have a habit of periodically deleting photos, music, or movies from Photos, iTunes, Aperture, or any other application that uses a proprietary bundle file format so that you can "free up some space on your startup disk", consider how those files will be organized on the destination. Specifically, keep in mind that you use a very elaborate application to access these files on the source volume, but you will only have the Finder to access these files on the backup volume.

CCC can't reorganize your deleted files in a way that's logical to you, it can only place them at the same path in the _CCC SafetyNet folder as they were on the source volume. For files buried in a bundle file on the source (as is the case for Photos, for example), this means that the files will be buried in bundle files in various time-stamped archive folders on the destination. These files will also be subject to deletion if you configure CCC to periodically prune the contents of the SafetyNet. In short, simply archiving deleted files from applications such as these isn't going to be the best way to store these items long-term if your goal is ultimately to keep them.

When you want to free up some space on your startup disk, consider this approach instead, using Photos as an example:

Create a new folder at the root level of your backup volume, named something like "Archived Photos 2016".
In Photos, delete all of the photos that you want to remove from your source volume. When you delete these items, they are placed in the Recently Deleted album.
Click on the Recently Deleted album in the Photos sidebar and select all of the photos in that folder.
Drag all of the selected photos from the Recently Deleted album to the "Archived Photos 2016" folder on the backup volume.
Once the photos are safely copied to and neatly organized on the backup volume (and ideally, after you have made a second backup of these precious files on some other volume), go ahead and click the Delete All button in the Recently Deleted album.

Not all applications have this kind of internal Trash folder, so be sure to see how it works for other applications before applying these exact steps. The general idea, though, is that you should deliberately archive the items that you're removing from your source volume in a way that makes sense to you rather than passively allowing CCC to archive them in a manner that makes sense to the computer.

Why can't I delete some items from the SafetyNet folder? The Finder says that some items are in use.

In OS X El Capitan, Apple introduced a new feature called System Integrity Protection (SIP). SIP works by preventing any user from deleting certain protected system items on the startup disk. If you boot your Mac from a backup volume and restore system files to your startup disk, CCC will place outdated versions of those system files into the SafetyNet folder. These modifications are allowed because CCC is making changes to that volume while it is not the current startup disk. When you restart your computer from that destination volume, however, SIP re-engages and may then prevent you from deleting the protected items that were placed into the SafetyNet folder. If you attempt to delete these items, the Finder will report that they cannot be deleted because they are in use, or because they are protected. If you try to delete these items in the Terminal application, you'll get a more distinct error message, "Operation not permitted".

CCC won't have any trouble pruning the SafetyNet folder on its own during ordinary backup tasks. If you would like to remove an item from the SafetyNet manually, however, or if you would like to remove the entire folder:

Choose Delete a SafetyNet folder from CCC's Utilities menu
Drag the folder you want to delete onto the window that is presented. Alternatively, you can click on the drop zone in the window that is presented to make your selection from a navigation panel.

If the item you're trying to remove is on your current startup disk, CCC will move the item to the root of your startup disk, then instruct you to boot your Mac from some other volume (e.g. your backup disk). Once booted from the backup volume, you can repeat the same steps with CCC to remove the SafetyNet folder.

If you're still having trouble after trying that, don't hesitate to ask us for help.

How can I prevent Migration Assistant from copying the CCC SafetyNet folder during a migration?

I have SafetyNet enabled, why can't I find a "_CCC SafetyNet" folder on the destination?

There are three primary reasons that the SafetyNet folder will be missing or difficult to find on the destination:

An empty SafetyNet folder will be removed at the end of the backup task

If CCC finds nothing to archive over the course of the backup task, the SafetyNet archive will be empty at the end of the backup task. If CCC finds that the SafetyNet archive is empty at the end of the task, CCC will remove it. Likewise, if the "_CCC SafetyNet" folder is subsequently empty, that folder will also be removed at the end of the backup task.

The Legacy SafetyNet folder is not used when snapshots are enabled on the destination

When snapshots are enabled on an APFS-formatted destination volume, CCC will implement the SafetyNet feature using snapshots rather than placing files into a separate folder on the destination. Select your destination volume in CCC's sidebar to find these SafetyNet snapshots.

The root level of an APFS Data volume is not visible in the Finder

CCC stores the SafetyNet at the root level of the destination. When you're making a backup of macOS Catalina or later, the destination will be an APFS Volume Group, and the SafetyNet will be placed at the root level of the Data member of that group. Root-level items of the Data volume are not immediately visible in the Finder. To reveal the SafetyNet folder on an APFS volume group, right-click on your CCC Backup - Data volume (for example) in CCC's sidebar and choose the Reveal in Finder option.

I selected "Don't delete anything", why is CCC placing items in the "_CCC SafetyNet" folder on the destination?

When you select the Don't delete anything SafetyNet setting, CCC applies that setting very literally. If CCC encounters a file on the destination that must be replaced with a newer version from the source, CCC cannot delete the older version of that file that is on the destination. That older file is instead placed into the "_CCC SafetyNet" folder on the destination.

Can I back up an encrypted volume to a non-encrypted volume?

If I back up an encrypted volume to a non-encrypted volume, will the copied files be encrypted on the destination?

Will Carbon Copy Cloner enable encryption on my backup volume?

Do I have to wait for encryption to complete before rebooting from my production volume?

What password do I use to unlock my encrypted volume?

What happens if I change my account password on the source volume? Does the encryption password on the backup volume get updated automatically?

I enabled encryption on my 3TB USB backup disk. Why can't I boot from that volume any more?

Can I create a bootable backup on a pre-encrypted volume? Why do you recommend cloning to a non-encrypted volume first?

I restored my backup to another Mac that had FileVault enabled, and now I can't unlock the cloned volume.

I can't enable FileVault, I'm told that my account cannot be used to manage encryption on this Mac

The Startup Security Utility reports that authentication is needed, but no administrators can be found

After cloning to an APFS volume that previously had FileVault enabled, the destination can't be unlocked on startup

After cloning to an APFS Encrypted volume there is a 24-second stall during startup

Manually regenerating a SecureToken

I don't want to erase my destination again, is there any way to fix this?

Related Apple Bug Reports

My YubiKey authentication device can't unlock my encrypted backup volume on startup

Restoring individual items or an entire disk image to another hard drive using CCC

Restoring system files to your startup disk

Restoring system files to your startup disk when you don't have a bootable backup

High Sierra and Mojave

El Capitan and Sierra

Yosemite

Using Migration Assistant to migrate data from a disk image

Migration Assistant and the CCC SafetyNet

Migration Assistant and Yosemite, El Capitan

Use strict volume identification

Protect root-level items

Find and replace corrupted files, "Backup Health Check"

Using the "Find and replace corrupted files" option to verify your backup

Troubleshooting Options

Run a deletion pass first

Don't update newer files on the destination

Don't preserve permissions

Don't preserve extended attributes

Related Documentation

Reduce the number of files considered for backup

Related Documentation

Hard drive performance and interface bandwidth

Filesystem performance and hardware type

Spotlight Indexing

Find and replace corrupted files

Target Disk Mode is slow

Other applications and conditions that can lead to performance problems

Related Documentation

Automatically prune archived content before copying files

Prune archives in the SafetyNet when free space is less than [xx] GB

Auto Adjustment of the SafetyNet Free Space pruning limit

Prune archives in the SafetyNet when they are older than [xx] days

Prune archives in the SafetyNet when they are larger than [xx] GB

Never prune archives in the SafetyNet

"CCC is pruning my SafetyNet, but the disk is still pretty full at the end of the backup task"

"Can I use the _CCC SafetyNet folder for long-term archiving of specific items?"

"I manually moved the _CCC SafetyNet folder to the Trash, but now I get an error when trying to empty the Trash"

Additional References

Related Documentation

Use strict volume identification

Protect root-level items

Find and replace corrupted files, "Backup Health Check"

Using the "Find and replace corrupted files" option to verify your backup

Troubleshooting Options

Run a deletion pass first

Don't update newer files on the destination

Don't preserve permissions

Don't preserve extended attributes

Related Documentation

Read/write "sparseimage" disk images

Read/write "sparsebundle" disk images

Running out of space on a sparseimage or sparsebundle disk image

Read-only disk images

Encrypting disk images

Running a backup task whose destination is a disk image on the startup disk

Sparsebundle disk images are not supported on some filesystems

Why can't I use a sparsebundle disk image on a filesystem that does not support the F_FULLFSYNC file control?

Snapshots and Disk Images

A message for new Mac users coming from the Windows world

Related Documentation

Filesystem implementation details

Volume-specific preferences

Apple-proprietary data stores