Commvault software provides the ability to protect all mount paths associated with disk libraries configured from a MediaAgent against Ransomware attacks.
You can also use the Enable Ransomware Protection app to monitor and turn on ransomware protection features in the CommCell Console. For more information and to download the app, on the Commvault Store, see Enable Ransomware Protection.
Before You Begin
-
When Ransomware protection is enabled on a MediaAgent, non Commvault processes (like a Ransomware running on the MediaAgent) will not be allowed to modify, delete or access the files on both the locally attached mount paths and the network mount paths. This includes OS level operations used to write/modify/delete data. Files can be copied from the mount path, but paste or copy operation to the mount path cannot be performed.
-
To ensure full protection of data on a network mount path, the network share should have restricted permissions with only a specific Commvault backup user with write, modify and delete permissions. Make sure that no other user, other than this specific backup user has write, modify or delete permissions on this network share, with possible exceptions to system and other important accounts like admin who may require these permissions to browse the mount path folder locally. It is highly recommended that the permissions to the network mount path be as restrictive as possible. In addition, ensure the following:
-
This Commvault backup user credentials is used to configure the Commvault disk library mount path.
-
Ransomware protection is enabled from all the MediaAgents accessing this share.
-
-
When you have multiple instances of the MediaAgent software installed in a machine, Ransomware protection must be enabled in only one of the instances. If it is enabled in both the instances at the same time, Ransomware protection will not behave as intended.
-
This feature is applicable for Windows MediaAgents with V11 SP6 and higher. MediaAgents on Cluster Shared Volumes (CSV) are supported from 11.20 with maintenance release 11.20.42 and higher releases. To enable support on V11 SP17 to v11 SP19 releases, contact Customer Support.
Procedure
-
From the CommCell Browser, expand to Storage Resources > MediaAgents.
-
Right-click the appropriate MediaAgent and click Properties.
-
Click the Advanced tab.
Note
This tab will be displayed for Windows MediaAgents with access to a mount path.
-
Select the Ransomware protection check box.
Additional Information
-
The Commvault software automatically detects ransomware and generates alerts and event messages as notifications. The ransomware check occurs once every four hours. For more information, see Ransomware Protection.
-
Administrative shares pose a security vulnerability on disk library mount paths and must be disabled on the MediaAgents hosting the shares. For more information, see Reconfiguring Mount Paths that Use Administrative Share.