Commvault Threat Scan Advanced Requirements

The following are Commvault Threat Scan advanced requirements for software-managed deployments and SaaS deployments.

Index Cache and Job Results Disk Space Requirements

Virtual machine Threat Scan operations require disk space on the MediaAgent that hosts the Threat Scan index, as well as on the Threat Scan access nodes where the job results directory resides.

• Minimum disk space requirement for index cache: 1 TB

• Minimum disk space requirement for job results directory: 1 TB

Networking Requirements

• At a minimum, you must open port 8403 both ways on your firewall between the Threat Scan server and the CommServe server and MediaAgent. For all other standard networking requirements, see Port Requirements for Commvault .

• Advanced network settings can be used to isolate the Threat Scan server. Using Commvault network topologies, you can configure different network ports as well as tunnel communication between the Threat Scan server, CommServe server, and MediaAgent, in order to create an isolated scanning server. For more information, see Network Topologies.

File System Support for VM Workloads

• For Windows VMs that use the Resilient File System (ReFS), the access node must run the same or a newer Windows OS version.

• For BTRFS support, an access node running on Oracle Linux 9.x or Ubuntu 24.04 is required.

• For a Windows guest VM using Storage Spaces, ensure that the Windows Threat Scan access node runs the same or a newer version of Windows. For example, for a Windows 2022 guest VM, the access node must run Windows 2022 or a newer version.

Update Avira Signatures

Threat Scan automatically updates malware signature definitions on the Threat Scan server every 24 hours.

• To allow updates, open outbound port 443 from the Threat Scan server to the following URL: https://oem.avira-update.com/update.

• To use a proxy server for signature updates, see Configuring a Proxy Server to Perform Virus Definition Updates.

• For information about updating signature updates in fully isolated (dark-site) environments, see the KB article "Threat Scan — Manual Avira VDF Update for Dark-Site Environments".

Antivirus Exclusions

If an antivirus product is active on the scanning/index server, it is recommended that you follow general Commvault antivirus exclusion recommendations. For more information, see the following:

• Antivirus Exclusions for Windows

• Antivirus Exclusions for UNIX and Macintosh

At a minimum, the antivirus product must exclude the following processes and directories:

• Processes

  • CvFileScan.exe

  • CvDistributor.exe

  • CLRestore.exe

• Directories

  • <CVInstallDir>/iDataAgent/jobResults/CV_JobResults/

    Where:

    • <CVInstallDir> is the actual installation path.

Auto-Scaling

Auto-scaling using Scale Manager for VM workloads is supported only on Azure and AWS virtual machines.

For more information, see the following:

• Auto-Scaling for Azure Access Nodes

• Auto-Scaling for Amazon Access Nodes