Commvault Threat Scan allows organizations to scan backup files for malware, and analyze backup files for high levels of entropy and change, which can indicate ransomware and/or malware infections within backup data. After detecting these threats, the user can quarantine the threats so that data recovery will automatically recover pre-infected versions of files and eliminate the reintroduction of malware within the backup environment. This allows organizations to recover clean data faster and reduce the risk of reinfection during recovery operations.
Commvault Threat Scan uses the following techniques:
-
Signature-based malware scanning of backup files using regularly updated virus definitions.
-
Threat Scan Predict: Detection of unknown zero day malware variants within backup files using artificial intelligence (AI) and machine learning (ML) techniques.
-
Forensic analysis of backup files: Detection of suspicious content changes, hash changes, and high entropy across multiple snapshots, which could indicate that files are encrypted or corrupted.
-
Quarantining of threats and suspicious files within backup files.
-
Last known good recovery and clean recovery of backup files.