Commvault Threat Scan Requirements

The following requirements are for Commvault Threat Scan.

License Requirements

Commvault Threat Scan license

Threat Scan Server Requirements

Set up a server used for scanning data.

Hardware Requirements

Component	System Limits
Source data size per node	200 TB	400 TB
Objects per node (estimated based on an average file size of 2 MB)	100 million	200 million
Average file size	2 MB	2 MB
CPU or vCPU	16 cores	32 cores
RAM ¹	32 GB	64 GB
Index disk space ¹ (SSD class disk recommended)	1 TB	2 TB

¹ Not applicable for VM scans.

Note

To scale for larger configurations, you can add additional nodes, but you must ensure that the nodes are running the same OS. For more information, see Adding a Node to the Index Server.
The maximum size of file that can be analyzed is 50 MB.
This is not applicable for VM scans.

Software Requirements

Important

Use the most recent version of the operating system that is listed. The Commvault software fully supports the most recent version of an operating system, until the vendor ends support. More recent versions of the Commvault software might not install on operating systems that are not supported by the vendor anymore. For information about the support lifecycle of an operating system, contact the vendor.

Linux

Red Hat Enterprise Linux/CentOS 7.3 or a more recent version.
Rocky Linux 8.x or 9.x

Windows

Operating system	Processor architecture
Windows Server 2022	All Windows-compatible processors are supported
Windows Server 2019 (Standard, Datacenter) (64-bit only)	All Windows-compatible processors are supported.
Windows Server 2019 Editions	All Windows-compatible processors are supported.
Windows Server 2016	All Windows-compatible processors are supported.
Windows Server 2016 Editions Nano Servers are not supported. For more information, see Considerations for Windows Server 2016.	All Windows-compatible processors are supported.

Networking Requirements

At a minimum, you must open port 8403 both ways on your firewall between the Threat Scan server and the CommServe server and MediaAgent. For all other standard networking requirements, see Port Requirements for Commvault .
Threat Scan automatically updates malware signature definitions on the Threat Scan server every 24 hours. To allow these updates to occur, you must open port 443 outbound from the Threat Scan server to the following URL: https://oem.avira-update.com/update.
Advanced network settings can be used to isolate the Threat Scan server. Using Commvault network topologies, you can configure different network ports as well as tunnel communication between the Threat Scan server, CommServe server, and MediaAgent, in order to create an isolated scanning server. For more information, see Network Topologies.

Using a Proxy Server for Signature Updates

To use a proxy server for signature updates, see Configuring a Proxy Server to Perform Virus Definition Updates.

Commvault Package Requirements

Install the following Commvault packages on the Threat Scan server:

Note

For interactive installs, you only need to install the Commvault Threat Scan package. All dependencies will be automatically selected.

Content Analyzer
Index Gateway
Index Store
MediaAgent
Threat Analysis
Virtual Server Agent (applicable only to Threat Analysis for Virtual Server Agent).

Antivirus Exclusions

If an antivirus product is active on the scanning/index server, it is recommended that you follow general Commvault antivirus exclusion recommendations. For more information, see the following:

At a minimum, the antivirus product must exclude the following processes and directories:

Processes
- CvFileScan.exe
- CvDistributor.exe
- CLRestore.exe
Directories
- CVInstallDir\iDataAgent\JobResults\DM2CacheDir
- CVInstallDir\CVCIEngine\CvPreviewHome\CAcache