Enabling Ransomware Protection on MediaAgents

Commvault software provides the ability to protect all mount paths associated with disk libraries configured from a MediaAgent against Ransomware attacks.

Before You Begin

  • When Ransomware protection is enabled on a MediaAgent, non Commvault processes (like a Ransomware running on the MediaAgent) will not be allowed to modify, delete or access the files on both the locally attached mount paths and the network mount paths. This includes OS level operations used to write/modify/delete data. Files can be copied from the mount path, but paste or copy operation to the mount path cannot be performed.

  • To ensure full protection of data on a network mount path, the network share should have restricted permissions with only a specific Commvault backup user with write, modify and delete permissions. Make sure that no other user, other than this specific backup user has write, modify or delete permissions on this network share, with possible exceptions to system and other important accounts like admin who may require these permissions to browse the mount path folder locally. It is highly recommended that the permissions to the network mount path be as restrictive as possible. In addition, ensure the following:

    • This Commvault backup user credentials is used to configure the Commvault disk library mount path.

    • Ransomware protection is enabled from all the MediaAgents accessing this share.

  • When you have multiple instances of the MediaAgent software installed in a machine, Ransomware protection must be enabled in only one of the instances. If it is enabled in both the instances at the same time, Ransomware protection will not behave as intended.

  • This feature is applicable for Windows MediaAgents with V11 SP6 and higher.


  1. From the CommCell Browser, expand to Storage Resources > MediaAgents.

  2. Right-click the appropriate MediaAgent and click Properties.

  3. Click the Advanced tab.


    This tab will be displayed for Windows MediaAgents with access to a mount path.

  4. Select the Ransomware protection check box.


This will enable write-protection from Ransomware and continuously protect all mount paths associated with disk libraries configured in the MediaAgent. Once the write-protection from Ransomware is enabled, it may take a few minutes to take effect - a maximum of 30 minutes based on the Interval (Minutes) between disk space updates parameter established in Media Management Configuration: Service Configuration.

Additional Information

  • The Commvault software automatically detects ransomware and generates alerts and event messages as notifications. The ransomware check occurs once every four hours. For more information, see Ransomware Protection.

  • Administrative shares pose a security vulnerability on disk library mount paths and must be disabled on the MediaAgents hosting the shares. For more information, see Reconfiguring Mount Paths that Use Administrative Share.