Limitations and considerations for scan host using NFS share
The following limitation applies to the Windows operating system and NetBackup Malware Scanner (Avira) version 2.3:
On a Windows scan host with the Windows Defender malware tool, files whose paths contain non-English characters are not scanned. They are skipped during the scan, so the number of scanned files reported in the Web UI can be lower than the total number of files in that image.
If the malware scan encounters files that could not be scanned for any reason, the following message is displayed:
Malware scan encountered <number of files> files which could not be scanned.
A report of files that were skipped can be obtained by clicking on .
The built-in administrator account can be used as the scan user and would be able to scan all types of images. However, this account would be disabled on production servers for security reasons.
Hence a non-administrator local user (for example, name: scan-user) must be created and added to the group. To enhance security, map the account identity to secure the interactions with NFS shares. Active Directory integration is not required when using the local passwd and group files at the following location:
C:\windows\system32\drivers\etc\passwd
C:\windows\system32\drivers\etc\group
When scanning images of the Standard and MS-Windows policy types, the local scan-user account must have UserIdentifier (UID) permissions set to a non-zero value.
For example, UID 1001 is added to the passwd and group files:
passwd file:
scan-user:x:1001:1001:Description:C:\Users\scan-user
group file:
scangroup:x:1001:1001
When scanning images of VMware and cloud workloads, the scan-user account must have UserIdentifier (UID) permissions set to the value 0. Modify the passwd and group files as follows:
passwd file:
scan-user:x:0:0:Description:C:\Users\scan-user
group file:
scangroup:x:0:0
Because the permissions for the scan-user account differ depending on the type of image to be scanned, 2 separate Windows scan hosts must be provisioned, each with a unique local account and UID permissions.
Before initiating an on-demand scan, select the specific scan host pool that contains the desired scan host. To avoid provisioning two separate Windows scan hosts, use a non-admin user account (nfsnobody), then set the UID mapping to the value 0.
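The following PowerShell check is an added example, not part of the NetBackup documentation or product. It reads the passwd and group files from the location given above and reports whether the scan-user UID fits the rule for the image type to be scanned; the function name Test-ScanUserMapping, its parameters and the 'Cloud' value are assumptions made for this example, and the sample files are constructed from the entries shown on this page.

```powershell
# Added example (not NetBackup code): checks the local NFS identity mapping for the scan user.
# Test-ScanUserMapping, its parameters and the 'Cloud' value are hypothetical names.
function Test-ScanUserMapping {
    param(
        [Parameter(Mandatory)][ValidateSet('Standard', 'MS-Windows', 'VMware', 'Cloud')]
        [string]$ImageType,
        [string]$UserName = 'scan-user',
        [string]$EtcDir = 'C:\windows\system32\drivers\etc'
    )
    $passwdPath = Join-Path $EtcDir 'passwd'
    $groupPath  = Join-Path $EtcDir 'group'
    foreach ($p in $passwdPath, $groupPath) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Mapping file not found: $p" }
    }
    # passwd layout shown on this page: name:x:UID:GID:Description:HomeDir.
    # Split into at most 6 fields because the home directory contains a colon (C:\...).
    $fields = $null
    foreach ($line in Get-Content -LiteralPath $passwdPath) {
        $f = $line.Trim() -split ':', 6
        if ($f[0] -eq $UserName) { $fields = $f; break }
    }
    if (-not $fields -or $fields.Count -lt 4) { throw "No usable passwd entry for $UserName" }
    $uid = [int]$fields[2]
    $gid = [int]$fields[3]
    # group layout shown on this page: name:x:GID:...; look for the user's GID.
    $groupFound = $false
    foreach ($line in Get-Content -LiteralPath $groupPath) {
        $g = $line.Trim() -split ':'
        if ($g.Count -ge 3 -and $g[2] -eq "$gid") { $groupFound = $true; break }
    }
    # Rule from this page: VMware and cloud images need UID 0, Standard and MS-Windows need non-zero.
    $needsZero = $ImageType -in 'VMware', 'Cloud'
    $uidOk = if ($needsZero) { $uid -eq 0 } else { $uid -ne 0 }
    [pscustomobject]@{
        ImageType           = $ImageType
        UserName            = $UserName
        Uid                 = $uid
        Gid                 = $gid
        UidMatchesImageType = $uidOk
        GroupEntryFound     = $groupFound
    }
}

# Constructed sample files, using the non-zero UID entries shown above.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'scanhost-map-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'passwd') -Value 'scan-user:x:1001:1001:Description:C:\Users\scan-user'
Set-Content -Path (Join-Path $demo 'group') -Value 'scangroup:x:1001:1001'
Test-ScanUserMapping -ImageType VMware -EtcDir $demo
```

Run it without -EtcDir on a scan host, passing the image type of the scan host pool you are about to select; a False in UidMatchesImageType means the host's mapping does not fit that image type.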