Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Configuring scan host
  6. Manual scan host configuration
  7. Configure malware scan host for Windows NFS share type and Microsoft Defender
NetBackup™ Security and Encryption Guide

Configure malware scan host for Windows NFS share type and Microsoft Defender

NetBackup malware scanning feature requires configuration of an additional host (a scan-host).

Before configuring scan host ensure that the following prerequisites are met:

See Prerequisites for a scan host.

Scan host configuration

  1. Install OpenSSH:

    Note:

    For Windows 2019, OpenSSH server feature can be enabled.

    • Download OpenSSH package from https://github.com/PowerShell/Win32-OpenSSH/releases and extract it to C:\Program Files folder.

    • Add C:\Program Files to environment variable PATH.

    • Open PowerShell and run it as an administrator.

    • Navigate to C:\Program Files and run the following commands to install sshd and enable port 22:

      powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

      netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22

      sc.exe config sshd start= auto

      net start sshd

  2. Install NFS client by running the following command on PowerShell:

    Install-WindowsFeature -Name NFS-Client

  3. Enable UID mapping:
    • Run the following commands on PowerShell to enable NFS user mapping:

      PS C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup  $True  -UNMServer localhost
      PS C:\Users\Administrator> nfsadmin mapping
        
      The following are the settings on localhost
        
      Mapping Server Lookup       : Enabled
      Mapping Server              : localhost
      AD Lookup                   : Disabled
      AD Domain 
    • Create the passwd and group files as follows:

      Note:

      Ensure that the file extension is not created. The entry that is created must be in the file type format.

      • C:\Windows\System32\drivers\etc\passwd file:

        <scanuser>:x:<uid>:<uid>:Description:C:\Users\<scanuser>

        For example,

        C:\Windows\System32\drivers\etc\passwd - scanuser:x:1000:1000:Description:C:\Users\scanuser
      • C:\Windows\System32\drivers\etc\group file:

        <scanuser>:x:<uid>:<uid>

        For example,

        C:\Windows\System32\drivers\etc\group  - scanuser:x:1000:1000

      Note:

      For scanning VMWare and Cloud images on Windows scan host, enable nfsadmin mapping to UID/GID 0. Scan user must be an administrator.

      passwd file content - Administrator:x:0:0:Description:C:\Users\Administrator

      group file content - Administrator:x:0:0

  4. Restart NFS client:

    After updating passwd/group files, restart NFS client service using the following commands:

    nfsadmin client stop

    nfsadmin client start

  5. Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
    Get-NfsMappedIdentity -AccountName scanuser -AccountType User
    
    UserIdentifier      : 1001
    GroupIdentifier     : 1001
    UserName            : scanuser
    PrimaryGroup        :
    SupplementaryGroups :
    
  6. Install VC runtime:

    Download and install VC runtime package from https://aka.ms/vs/17/release/vc_redist.x64.exe.

  7. Configure the Malware scanner tool (Microsoft Defender Antivirus).

    See Configuring Microsoft Defender Antivirus.

Feedback

Was this page helpful?
Previous

Manual scan host configuration

Next

Configure malware scan host for Linux NFS share type and Avira

Feedback

Was this page helpful?