On a Windows CommServe server, by default, the Commvault software protects the disaster recovery (DR) backup folder paths, whether local or UNC, from ransomware attacks.
The processes of third-party software. such as ransomware, are not allowed to modify, delete, or access the files on the backup folder paths. This restriction includes OS-level operations that write, modify, or delete data. Files can be copied from the backup folder paths, but paste and copy operations are not allowed.
On a UNC path, to ensure full protection of the DR backup data, restrict permissions to only a specific Commvault backup user that has write, modify, and delete permissions. Do not give write, modify, or delete permissions on this network share to any other users. The only potential exceptions are system and other important accounts such as admin, which might require these permissions in order to browse and mount the folder path locally. Generally, restrict permissions to the network share as much as possible.
Additional Information
-
The Commvault software automatically detects ransomware and generates alerts and event messages as notifications. The ransomware check occurs once every 4 hours. For more information, see Ransomware Protection.
-
Administrative shares pose a security vulnerability on DR backup folder paths and must be disabled on the server hosting the shares. For more information, see Removing Administrative Shares from Windows Servers.