Threat Analysis for Virtual Server Agent is a Commvault Threat Scan feature that scans virtual machine (VM) backups for malware infection using a built-in signature-based scanning engine. Detected malware can be viewed on the Threat Indicators dashboard as a threat analysis anomaly.
Note
- Threat Analysis for Virtual Server Agent cannot analyze encrypted VMs.
- This feature is available only with the Threat Scan for Files or Threat Scan for VMs license.
- The system updates malware definitions every 24 hours.
- To ensure that file scanning of VM backups is not interrupted, either the job results directory on the access node must be added to antivirus exclusions, or all third-party antivirus software must be disabled. Additionally, advanced network settings can be used to isolate the Threat Scan server. Using Commvault network topologies, you can configure different network ports as well as tunnel communication between the Threat Scan server, CommServe server, and MediaAgent, in order to create an isolated scanning server. For more information, see Network Topologies.
Support
- Threat Analysis for Virtual Server Agent is supported for VMware VSA clients using Indexing V2.
- Threat Analysis for Virtual Server Agent is supported for the VMs that are restored (out-of-place restore) to VMware. For more information, see Cross-Hypervisor Restores (Virtual Machine Conversion).
- For Windows, Threat Analysis for Virtual Server Agent is certified for NTFS and FAT32 file systems.
  Note
  Disk using storage space or from filer servers is not supported.
- For Linux:
  - The access node must be running the same operating system or a newer version than the guest VM being analyzed.
  - Threat Analysis for Virtual Server Agent is certified for XFS, Ext2, Ext3, and Ext4 file systems.
- Threat Analysis for Virtual Server Agent is supported for VCloud Director clients (Windows and Linux).
Requirements
- The restore access node must be in the same subscription as the restored VM.
- If you are configuring a dedicated and isolated environment to run Threat Analysis on VMs, the following reference configuration can be used for the ESXi server:
  - CPU: 8 physical cores
  - Memory: 64 GB
  - Network: 10 Gbps (redundant network interfaces are recommended for failover and load balancing)
  - Storage: ~2 TB datastore. This will be used as a staging area. Storage requirements are proportional to the number of VMs processed in parallel. The following formula can be used to compute the required storage:
    Required storage = 1.25 * 5 * [Number of Threat Scan servers] * [Average VM size]
  If you plan to use the VMs hosted on this ESXi server as Threat Scan servers, you can scale the configuration based on the documented hardware requirements for those Threat Scan servers.
- To view the file grid information on the Threat Analysis details page, the user must have browse permissions. Otherwise, the user can view only the graph, not the file grid that lists the affected files and their paths.