Limitations
Client-side encryption and client-based compressed backups are unavailable for scanning using Instant Access mount points. MSDP KMS-based encryption techniques are recommended and can be configured (See the NetBackup Security and Encryption Guide.)
User archive backups and synthetic backups are unavailable for scanning using Instant Access mount points.
For VMware and Hyper-V: Incremental backup images without accelerator feature enabled are not supported for VMware workload.
Windows EFS files/folders are unavailable for scanning using Instant Access mount points.
(For OST and AdvancedDisk) Supports malware scan for unstructured data only. For more information, see the NetBackup Software Compatibility List.
NetBackup does not support SMB share type on AKS/EKS Active Directory platform. For more information, see the NetBackup Deduplication Guide.
NetBackup images replicated to different NetBackup domain must be scanned in the target domain again. Malware scan detailed status (for example, infected file list, malware scanner used, signature information) of the backup images in the source domain is not preserved during replication.
Back-level compatibility for media servers and old backup images on upgraded media servers is only supported from NetBackup version 10.3 onwards. This support is applicable to workload type support provided in NetBackup version 10.4 or later.
During the clean file recovery for the selected time range, NetBackup would provide a list of infected files to be excluded and to include clean copy of the file if found in the previous backup. Clean file recovery is not triggered if the list of files to be included/excluded exceeds the maximum limit of 4000 files and fails with an error message.
Clean file recovery is not supported for True image backups type of restore.
Starting with NetBackup 10.3, if malware scan is run for a client-side encrypted backup, all the files are skipped. A notification is generated for the skipped file and displayed in the NetBackup Web UI.
Malware scan result of the AIR replicated image may appear as if replication appears before the malware scan is completed. Malware scan can take longer time to complete depending on the number of files in the backup and other malware scans which are in progress.
(For Flex application as the scan host)
In the event that the scan host pool is accidentally deleted, the user must manually add the new pool using the
POST API /malware/scan-host-poolswith the set to . The existing scan host must then be added to the new pool.When a Flex configuration is configured for High Availability (HA), the application is deactivated when it is stopped. However, the host is automatically activated as a result of fail over operation. The intention was not to send the scan requests to this host; however, the users must ensure that this scan host is available to conduct fresh scans due to the availability of another instance.
(For VxMS based Instant Access scan)
The VxMS based Instant Access scan is supported only for BYO, NetBackup Appliances, and Flex Appliance.
When a VM contains a filesystem unsupported by VxMS, and a backup is created using the opyion, VxMS will fail to create a catalog for this backup. As a result, any malware scan carried out on such a backup will not scan the files associated with the unsupported filesystem. Do not enable the option in the backup policy for these VMs.
When the recovery time scan option is selected, infected files are skipped if the backup images selected for malware scan and recovery have already been scanned and marked as infected. To recover these files, select the option.