Threat Analysis

Threat analysis is a Commvault Threat Scan feature that scans backup content files and network share filesystem backups for malware infection using a built-in signature based scanning engine.

You can create a threat analysis plan to proactively run threat analysis scans on your critical file system workloads. Once a threat analysis plan is created, you can associate your critical file servers to the plan so they are scanned on schedule. All backup data is recovered to the scanning server, scanned for malware, and then immediately removed from the cache. When malware threats are detected, they are automatically quarantined from your backup data. Restore operations will not reinfect the environment, thus minimizing the impact of reinfection and impact on your recovery objectives.

Detected malware can be viewed on the Unusual File Activity dashboard as a threat analysis anomaly.


  • The system updates malware definitions every 24 hours.

  • Threat analysis is not supported for OnePass subclients and Archiver subclients. These subclients are automatically excluded from threat analysis operations.