Scanning backup images
This section describes the procedure for scanning client backup images of a particular policy for malware.
To scan policy of client backup images for malware
- On the left, select Detection and reporting > Malware detection.
- On the Malware detection page, select Scan for malware.
- In the Search by option, select Backup images.
Select one of the following scan types:
Malware scan - Select this option to scan images using default malware scan.
YARA scan - Select this option to scan images using YARA rules.
Click the Select threat feeds option.
On the Select threat feeds for scanning dialog box, select the required YARA rules or a zip file of YARA rules that you have uploaded earlier.
See About YARA scanning.
- All the following steps are applicable for the scan type: Malware scan.
In the Scanner host pool option, search and select the appropriate host pool name from the list of scanner host pools listed in Select malware scanner host pool.
Note:
Scan host from the selected scan host pool must be able to access the instant access mount created on the storage server which is configured with NFS/SMB share type.
- In the search criteria, review and edit the following:
Policy name
Only supported policy types are listed.
Client name
Displays the clients that have backup images for a supported policy type.
Policy type
Displays all the supported policies which are enabled for malware scanning.
Note:
The Nutanix-AHV policy displays Nutanix-AHV images if the backups are taken from a Nutanix-AHV policy and Protection plan backups.
Warning:
The Hypervisor policy type displays Nutanix AHV and RHV images. NetBackup supports malware scanning only for Nutanix AHV images.
Type of backup
Any incremental backup images that do not have the NetBackup Accelerator feature enabled are not supported for the VMware workload.
Copies
If the selected copy does not support instant access, then the backup image is skipped for the malware scan.
(For NAS-Data-Protection policy type) Select the Copies as Copy 2.
Disk pool
MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk storage type disk pools are listed.
Disk type
MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk disk types are listed.
Infection status
The malware infected status of the backup images can be searched based on the following types: infection detected by malware scan, file hash search, not infected, not scanned or all.
For the Select the timeframe of backups, verify the date and the time range or update it.
On selecting the Abort malware scan on detecting an infection option, clean recovery would not be supported for infected images.
- Click Search.
- Select the search criteria and ensure that the selected scan host is active and available.
- From the Select the backups to scan table select one or more images for scan.
- Click Scan for malware.
- After the scan is initiated, the Scan status is displayed.
The following are the status fields:
Not scanned
Not infected
Infected
Failed
Hover over the status to view the reason for the failed scan.
Note:
Any backup images that fail the validation are ignored. Malware scanning is supported for the backup images that are stored on storage with instant access capability and for the supported policy types only.
In progress
Pending
Note:
You can cancel the malware scan for one or more in progress and pending jobs.
Infected - Malware scan aborted