On a Windows CommServe, the Commvault software protects the Disaster Recovery (DR) backup folder paths (local and UNC) from ransomware attacks, by default.
Non Commvault processes (like a Ransomware running on the computer) will not be allowed to modify, delete or access the files on both the local and UNC folder paths. This includes OS level operations used to write/modify/delete data. Files can be copied from the folder paths, but paste or copy operation to the folder paths cannot be performed.
To ensure full protection of the DR backup data on a UNC path, the network share should have restricted permissions with only a specific Commvault backup user with write, modify and delete permissions. Make sure that no other user, other than this specific backup user has write, modify or delete permissions on this network share, with possible exceptions to system and other important accounts like admin who may require these permissions to browse the mount path folder locally. It is highly recommended that the permissions to the network share be as restrictive as possible.
Additional Information
-
The Commvault software automatically detects ransomware and generates alerts and event messages as notifications. The ransomware check occurs once every 4 hours. For more information, see Ransomware Protection.
-
Administrative shares pose a security vulnerability on DR backup folder paths and must be disabled on the server hosting the shares. For more information, see Removing Administrative Shares from Windows Servers.