By default, Commvault monitors and analyzes your backup environment to identify the possible presence of ransomware on your infrastructure computers. Unusual changes in files and backup files (for example, large numbers of files being created, deleted, modified, or renamed) may indicate the presence of ransomware or other types of threats in your backup environment.
The Unusual file activity panel in the Command Center displays information about such anomalous file activity on active client computers and in backup jobs. This panel provides a single location for identifying this activity, and allows you to act on potential threats with quick and safe recovery options, as follows:
View file path information for the file anomalies and track anomaly trending information
Recover the most recent good versions of files
Recover the entire client computer as a virtual machine
Commvault bases its file anomaly thresholds on historical activity and machine-learning algorithms, which separate false positives from typical activity on the file system.
You can configure the alerts when anomalous activities are detected. For more information, see File Activity Anomaly Alert.
Note: The file anomalies that are older than 7 days are pruned automatically.
Where to Access the Panel
You can view the Unusual file activity panel in the Command Center.
Note: To view the Unusual file activity panel, both the client and the CommServe computer need to be at Feature Release 11.23 or higher.
Who Can View the Panel
The Unusual file activity panel for file and backup job anomalies is available to tenant administrators as well as to users who have the necessary permissions on the client computer with the anomaly.
What Is Monitored
Windows clients that have the file system package installed can be monitored for unusual activity on the file systems and in backup jobs.
Linux clients can be monitored for unusual activity in backup jobs.
Network shares can be monitored for unusual activity in backup jobs.
VSA and non-file system clients can be monitored if the file system package is installed in restore-only mode.
What You Can View in the Panel
The following table includes descriptions for all the columns in the Unusual file activity panel.
The client computer.
When you click the client computer, the following detailed reports are available:
You can use the reports to analyze the statistics.
File anomaly type
The type of anomalous activity, such as the following:
The number of files that were created at the detected time.
The number of files that were renamed at the detected time.
The number of files that were deleted at the detected time.
The number of files that were modified at the detected time.
The time when the anomaly was detected.
Click the action button , and then select one of the following options: