> Software > Threat Analysis > Virtual Server Agent

Virtual Machine Threat Analysis Scan

Using the Virtual Machine Threat Analysis Scan workflow, you can run out-of-place restores of VMs to VMware and VCloud Directory, and then scan the restored VMs for potential malware infections. Detected malware can be viewed on the Threat Indicators dashboard as a threat analysis anomaly.

Using the Virtual Machine Threat Analysis Scan workflow, you can do the following:

  • Scan all VMs in the selected server group, or scan only the VMs that were not scanned or which were not completed in the previous workflow scan.

  • Delete the restored VMs after the threat analysis scan finishes.

  • Run an incremental scan (for Innovation Release 11.38 and later releases only).

Before You Begin

  • Download the Virtual Machine Threat Analysis Scan workflow from the Commvault Store, and then import and deploy the workflow in your CommCell environment.

    Note

    Only CommCell administrators or users with administrative permissions can access, create, and edit workflows on the Developer tools > Workflows page. For more information about creating and editing workflows, see Creating and Managing Workflows.

Procedure

  1. Configure a server group for the VMs to be scanned.

  2. Configure a server group for the access node to be used.

  3. Run the Virtual Machine Threat Analysis Scan workflow. For more information running workflows, see Executing a Workflow.

  4. In the Select the source VM and restore option dialog box, do the following:

    • In Client group for vm to be scanned, select the server group for the VM to be scanned.

    • In Client group for access nodes, select the server group for access nodes.

    • In Destination hypervisor client, select the destination VMare hypervisor client.

    • In Destination ESX host, enter the restore destination ESX host name or IP address.

    • In destDataStore, enter the restore destination datastore name.

    • If you want to rescan all VMs in the selected server group, slide the Rescan all VMs in the group toggle key to the right. This will scan only the VMs that were not scanned or which were not completed in the previous workflow scan.

  5. Click OK.

Page contents

×

Loading...