Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Prerequisites for a scan host
NetBackup™ Security and Encryption Guide

Prerequisites for a scan host

A scan host is a host machine that has the required malware tool configured. Once it is integrated with NetBackup, NetBackup initiates scanning on the scan host.

Ensure that you meet the following prerequisites:

  • The minimum required configuration for the scan host is 8 CPU and 32-GB RAM.

  • The malware tool must be installed and configured.

  • For the supported operating systems of the scan host, refer to the Software Compatibility List.

  • The scan host must have a share type configured, that is, an NFS or an SMB client.

  • If the scan host connectivity type is Agentless host:

    • NetBackup footprint is not required on the scan host. The existing systems with the NetBackup client or media server can be used as scan host, too.

    • The scan host must be reachable from the media server over SSH.

      Note:

      The SSH connection to the scan host from the media server must be successful. You can verify this connection by running the following command from the media server:

      ssh scanuser@scanhost

    If the scan host connectivity type is NetBackup client:

    • NetBackup footprint is required on the scan host.

    • The NetBackup primary server and the media server providing the Instant Access mounts must be reachable from the NetBackup client.

    • By default, the NetBackup client scan host would be in a deactivate state. After adding NetBackup client scan host to scan host pool you must activate the scan host.

      See Activate or deactivate the scan host.

  • The malware tool uses the temporary location to store the files that are created during the malware scan. The path of the temporary location is configured in the web UI in the Malware global settings. Ensure that the user has write permissions to this path.

    For archive scanning purposes, it is recommended to have the free disk space of 10 GB on the scan host.

    Note:

    (Applicable for NetBackup version 10.0 and later) Any other malware scanner tools that are installed on the scan host with on-access/real time protection enabled can interfere with backup scanning. Disable or add NFS/SMB mounts on the scan host to the exclusion list of the scanner.

    For example, on a Windows scan host, the user must disable the Real time protection option of the Windows Defender while the malware scan is in progress.

  • Depending on the platform, ensure that the following additional prerequisites are met:

    Windows:

    Linux:

Note:

It is recommended to keep only the required ports open for malware scanning.

Allow NFS/SMB read from the NetBackup storage server. Refer to NetBackup Network Ports Reference Guide.

Allow SSH from the NetBackup media server (used for connecting to scan host).

Allow Malware signature updates. The updates that are needed depend on the malware scanner that is used. For NetBackup Malware Scanner, the update happens over HTTPS (https://oem.avira-update.com/update).

More Information

Prerequisites for Windows scan host

Prerequisites for Linux scan host

Feedback

Was this page helpful?
Previous

NetBackup malware scan host capabilities

Next

Prerequisites for Windows scan host

Feedback

Was this page helpful?