Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Configuring scan host
  6. Manual scan host configuration
  7. Configuring NetBackup client as the scan host
NetBackup™ Security and Encryption Guide

Configuring NetBackup client as the scan host

NetBackup malware scanning feature requires configuration of an additional host (a scan-host).

Before configuring scan host ensure that the following prerequisites are met:

See Prerequisites for a scan host.

Configuring NetBackup client as the scan host

  1. Install NFS client by running the following command on PowerShell:

    Install-WindowsFeature -Name NFS-Client

  2. Enable UID mapping by running the following commands on PowerShell to enable NFS user mapping:
    PS C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup  $True  -UNMServer localhost
    PS C:\Users\Administrator> nfsadmin mapping
      
    The following are the settings on localhost
      
    Mapping Server Lookup       : Enabled
    Mapping Server              : localhost
    AD Lookup                   : Disabled
    AD Domain 
  3. Run the configuration script as follows:
    • For Linux: /usr/openv/netbackup/bin/goodies/nbscanhostconfigcmd -validate

    • For Windows: C:\Program Files\Veritas\NetBackup\bin\goodies\nbscanhostconfigcmd.exe" -validate

  4. Restart NFS client:

    After updating passwd/group files, restart NFS client service using the following commands:

    nfsadmin client stop

    nfsadmin client start

  5. Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
    Get-NfsMappedIdentity -AccountName scanuser -AccountType User
    
    UserIdentifier      : 1001
    GroupIdentifier     : 1001
    UserName            : scanuser
    PrimaryGroup        :
    SupplementaryGroups :
    
  6. Configure the Malware scanner tool (Microsoft Defender Antivirus).

    See Configuring Microsoft Defender Antivirus.

Setting up PBX communication

If required user can use the PBX port communication feature for the communication between the primary server and the scan host.

Following are the steps required to set up PBX communication:

On primary server:

  • Using the following command stop the mqbroker service (or stop all services):

    • For Linux: /usr/openv/mqbroker/bin/nbmqbroker terminate

    • For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\nbmqbroker.exe -stop

  • Configure mqbroker using the following respective command:

    • For Linux: /usr/openv/mqbroker/bin/install/configureMQ -defaultPorts

    • For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\install\configureMQ.bat -defaultPorts

    In the above commands, -defaultPorts sets the default port values for external and internal ports as follows:

    Default external port: 13781

    Default internal ports: 13780, 13779, 13778

    To set the port values other than the default values, see the options by running the following command:

    For Linux: /usr/openv/mqbroker/bin/install/configureMQ --help

    For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\install\configureMQ --help

  • Add the above configured external port to the configuration file.

    Default: 13781

    NB_MQBROKER_PORT = 13781

    For Linux, add the entry in bp.conf file.

    For Windows, add DWORD entry in registry editor.

  • Using the following command start the mqbroker service (or start all services):

    • For Linux: /usr/openv/mqbroker/bin/nbmqbroker start

    • For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin>nbmqbroker.exe -start

On scan host client:

  • Stop all the services.

  • To use PBX port, add the entry in bp.conf file:

    SCAN_HOST_VIA_PBX = 1

    For Linux, add the entry in bp.conf file.

    For Windows, add DWORD entry in registry editor.

  • Start all the services.

In case you happened to run the configure MQ command twice, the fix the issue using the following steps:

  • Delete the /usr/openv/var/global/mqbroker/mqhome/.erlang.cookie file.

  • Configure the PBX connection again using the above mentioned steps.

Feedback

Was this page helpful?
Previous

Configure malware scan host for Linux NFS share type and Avira

Next

Configuring a scan host pool

Feedback

Was this page helpful?