> Expert > CommCell Management > Security > Ransomware Monitoring and Hardening > Monitoring Sensitive Data and Anomalies > Analyze Backup Content for Threats > Threat Scan > Threat Analysis

Threat Analysis for Virtual Server Agent

Threat Analysis for Virtual Server Agent is a Commvault Threat Scan feature that scans virtual machine (VM) backups for malware infection using a built-in signature based scanning engine. Detected malware can be viewed on the Threat Indicators dashboard as a threat analysis anomaly.

Note

  • This feature is available only with the Threat Scan for Files or Threat Scan for VMs license.

  • The system updates malware definitions every 24 hours.

Support

  • Threat Analysis for Virtual Server Agent is supported for virtualization clients using Indexing V2.

  • Threat Analysis for Virtual Server Agent is supported for the VMs that are restored to VMware. For more information, see Cross-Hypervisor Restores (Virtual Machine Conversion).

  • For Windows, Threat Analysis for Virtual Server Agent is certified for NTFS and FAT32 file systems.

    Note

    Disk using storage space or from filer servers is not supported.

  • For Linux, note the following:

    • The access node and the guest VM to be analyzed should have the same operating system.

    • Threat Analysis for Virtual Server Agent is certified for XFS, Ext2, Ext3, and Ext4 file systems.

Requirements

  • If you are configuring a dedicated and isolated environment to run Threat Analysis on VMs, the following reference configuration can be used for the ESXi server:

    • CPU: 8 physical cores

    • Memory: 64 GB

    • Network: 10 Gbps (redundant network interfaces are recommended for failover and load balancing)

    • Storage: ~ 2 TB datastore. This will be used as a staging area. Storage requirements are proportional to the number of VMs processed in parallel. The following formula can be used to compute the required storage:

      Required storage = 1.25 * 5 * [Number of Threat Scan servers] * [Average VM size]

      If you plan to use the VMs hosted on this ESXi server as Threat Scan servers, you can scale the configuration based on the documented hardware requirements for those Threat Scan servers.

  • To view the file grid information on the Threat Analysis details page, the user must have browse permissions. Otherwise, the user can view only the graph, not the file grid, with the affected files and their paths.

Loading...