Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Backup anomaly detection
  7. Anomaly configuration to enable automatic scanning
NetBackup™ Security and Encryption Guide

Anomaly configuration to enable automatic scanning

The anomaly detection process can trigger malware scan for those anomalies that have high severity. Use the configuration file on the primary server to do the required settings.

See About malware detection.

See Prerequisites for a scan host.

To enable automatic malware scan for the images on which an anomaly was detected

  1. Create the anomaly_config.conf configuration file on the primary server on the given location:

    On Windows : Install_Path\NetBackup\var\global\anomaly_detection

    On UNIX : /usr/openv/var/global/anomaly_detection

  2. Add the following contents in the anomaly_config.conf configuration file:

    #Use this setting to start malware scan on anomaly detected image automatically.

    [AUTOMATED_MALWARE_SCAN_SETTINGS]

    ENABLE_AUTOMATED_SCAN=1

    # Enable all clients. In this case pool mentioned SCAN_HOST_POOL_NAME will be used for clients not mentioned

    # under batch

    ENABLE_ALL_CLIENTS=1

    SCAN_HOST_POOL_NAME=<scan_host_pool_name> # Default pool name

    #Use specific pool for mentioned clients

    NUM_CLIENTS_BATCH_SPECIFIED=2

    ENABLE_SCAN_ON_SPECIFIC_CLIENT_1=client1,client2

    SCAN_HOST_POOL_NAME_1=<scan_host_pool_for_batch_1>

    ENABLE_SCAN_ON_SPECIFIC_CLIENT_2=client3,client4

    SCAN_HOST_POOL_NAME_2=<scan_host_pool_for_batch_2>

  3. Note that SCAN_HOST_POOL_NAME is a mandatory field.

    For the ENABLE_SCAN_ON_SPECIFIC_CLIENT_n option, you should specify complete client names.

  4. Ensure that all settings are under [AUTOMATED_MALWARE_SCAN_SETTINGS]. Review the following descriptions of the settings:

    ENABLE_AUTOMATED_SCAN=1

    Starts malware scan on anomalies with high score.

    ENABLE_ALL_CLIENTS=1

    Enable all clients for scan. If this value is 0, scanning happens only on the clients that are mentioned for the following option:

    ENABLE_SCAN_ON_SPECIFIC_CLIENT_<Batch_Number>

    NUM_CLIENTS_BATCH_SPECIFIED=<batches> - This option specifies the number of batches for different scan host pool. For example, if you want to use a specific scan host pool for a set of clients, use this setting.

  5. Do the following to automatically trigger malware scan for various severity levels of anomalies:

    • For low severity anomaly, set the TRIGGER_SCAN_FOR_LOW_SEVERITY option as follows:

      TRIGGER_SCAN_FOR_LOW_SEVERITY=1

    • For medium severity anomaly, set the TRIGGER_SCAN_FOR_MEDIUM_SEVERITY option as follows:

      TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=1

    • To automatically trigger malware scan for the anomaly score that is greater than or equal to the given value, set the TRIGGER_SCAN_FOR_SCORE_GREATER_THAN option to a positive value.

      For example:

      TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5

Feedback

Was this page helpful?
Previous

View anomalies

Next

Malware detection

Feedback

Was this page helpful?