NetBackup™ Security and Encryption Guide

Scanning backup images

This section describes the procedure for scanning client backup images of a particular policy for malware.

To scan the client backup images of a policy for malware

  1. On the left, click Detection and reporting > Malware detection.
  2. On the Malware detection page, click Scan for malware.
  3. In the Search by option, select Backup images.
  4. In the search criteria, review and edit the following:
    • Policy name

      Only supported policy types are listed.

    • Client name

      Displays the clients that have backup images for a supported policy type.

    • Policy type

      Displays all the supported policies which are enabled for malware scanning.

      Note:

      The Nutanix-AHV policy type displays Nutanix-AHV images if the backups were taken with a Nutanix-AHV policy.

      Warning:

      The Hypervisor policy type displays Nutanix AHV and RHV images. NetBackup supports malware scanning only for Nutanix AHV images.

    • Type of backup

      Any incremental backup images that do not have the NetBackup Accelerator feature enabled are not supported for the VMware workload.

    • Copies

      If the selected copy does not support instant access, then the backup image is skipped for the malware scan.

    • Disk pool

      MSDP (PureDisk), OST (DataDomain) and AdvancedDisk storage type disk pools are listed.

    • Disk type

      MSDP (PureDisk), OST (DataDomain) and AdvancedDisk disk types are listed.

    • Infection status

      You can search backup images by their malware infection status: infection detected by malware scan, file hash search, not infected, not scanned, or all.

    • For Select the timeframe of backups, verify the date and time range, or update it.

  5. Click Search.

    Select the search criteria and ensure that the selected scan host is active and available.

  6. From the Select the backups to scan table, select one or more images to scan.
  7. In Select a malware scanner host pool, select the appropriate host pool name.

    Note:

    The scan host from the selected scan host pool must be able to access the instant access mount that is created on the storage server, which is configured with the NFS/SMB share type.

  8. Click Scan for malware.
  9. After the scan is initiated, the Scan status is displayed.

    The following are the status fields:

    • Not scanned

    • Not infected

    • Infected

    • Failed

      Hover over the status to view the reason for the failed scan.

      Note:

      Any backup images that fail the validation are ignored. Malware scanning is supported for the backup images that are stored on storage with instant access capability and for the supported policy types only.

    • In progress

    • Pending

      Note:

      You can cancel the malware scan for one or more in-progress and pending jobs.
