Configure malware scan host for Windows NFS share type and Microsoft Defender
NetBackup malware scanning feature requires configuration of an additional host (a scan-host).
Before configuring scan host ensure that the following prerequisites are met:
See Prerequisites for a scan host.
Scan host configuration
- Install OpenSSH:
Note:
For Windows 2019, OpenSSH server feature can be enabled.
Download OpenSSH package from https://github.com/PowerShell/Win32-OpenSSH/releases and extract it to
C:\Program Filesfolder.Add
C:\Program Filesto environment variable PATH.Open PowerShell and run it as an administrator.
Navigate to
C:\Program Filesand run the following commands to installsshdand enable port 22:powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
sc.exe config sshd start= auto
net start sshd
- Install NFS client by running the following command on PowerShell:
Install-WindowsFeature -Name NFS-Client
- Enable UID mapping:
Run the following commands on PowerShell to enable NFS user mapping:
PS C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup $True -UNMServer localhost PS C:\Users\Administrator> nfsadmin mapping The following are the settings on localhost Mapping Server Lookup : Enabled Mapping Server : localhost AD Lookup : Disabled AD Domain
Create the
passwdandgroupfiles as follows:Note:
Ensure that the file extension is not created. The entry that is created must be in the file type format.
C:\Windows\System32\drivers\etc\passwdfile:<scanuser>:x:<uid>:<uid>:Description:C:\Users\<scanuser>
For example,
C:\Windows\System32\drivers\etc\passwd - scanuser:x:1000:1000:Description:C:\Users\scanuser
C:\Windows\System32\drivers\etc\groupfile:<scanuser>:x:<uid>:<uid>
For example,
C:\Windows\System32\drivers\etc\group - scanuser:x:1000:1000
Note:
For scanning VMWare and Cloud images on Windows scan host, enable
nfsadminmapping to UID/GID 0. Scan user must be an administrator.passwd file content - Administrator:x:0:0:Description:C:\Users\Administratorgroup file content - Administrator:x:0:0
- Restart NFS client:
After updating
passwd/groupfiles, restart NFS client service using the following commands:nfsadmin client stop
nfsadmin client start
- Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
Get-NfsMappedIdentity -AccountName scanuser -AccountType User UserIdentifier : 1001 GroupIdentifier : 1001 UserName : scanuser PrimaryGroup : SupplementaryGroups :
- Install VC runtime:
Download and install VC runtime package from https://aka.ms/vs/17/release/vc_redist.x64.exe.
- Configure the Malware scanner tool (Microsoft Defender Antivirus).