Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Performing malware scan
  5. Performing malware scan before recovery
NetBackup™ Security and Encryption Guide

Performing malware scan before recovery

The following table provides the scenarios when the Scan for malware before recovery option is enabled/disabled:

Note:

For Hyper-V backup images, user cannot perform malware scan before recovery.

Scenarios

Enabled

If user does not have RBAC permissions to trigger malware scan.

No

If primary copy is snapshot (NAS-Data-Protection) in any of the selected backup images.

Note:

In selected date range, user must select backup image as the primary copy to trigger recovery time scan.

Images in selected date range must only be in the backup format (combination of backup and snapshot is not supported).

No

If scan host pool is not configured.

No

To perform malware scan before recovery of files/folders

  1. On the left, click Recovery.
  2. Under Regular recovery, click Start recovery.
  3. Select the following properties:

    Source client

    The client that performed the backup.

    Destination client

    The client to which you want to restore the backup.

    Policy type

    The type of policy that is associated with the backup you want to restore.

    Restore type

    The type of restore that you want to perform. The restore types that are available depend on the policy type that you choose.

  4. Click Next.

    The following warning message is displayed when images which are not scanned are selected for recovery:

    One or more images selected for recovery are not scanned.
  5. In the Recovery details page:
    • Edit the Date range in the Use date picker option.

      Or

      Click Use backup history to view and select specific images.

      Note:

      The table displays all the backup image details for selected time frame. You can filter and sort the images based on the malware scan results, schedule type, or policy name.

    • Click Apply to apply the date changes or add the selected images for recovery.

  6. To perform the malware scan of files/folders selected for recovery, select the Scan for malware before recovery option.

    User will be able to list Most recent files/folders when Scan for malware before recovery option is selected.

    Note:

    The Allow the selection of images that are malware-affected option will be disabled if user selects Scan for malware before recovery option.

  7. On the left, expand the Source client directory. Select any directories that you want to restore. Or in the right pane, select any files or directories. Click Next.
  8. Select the Restore target and the Recovery options.
  9. Select one of the following options under Malware scan and recover option for files infected with malware:
    • If any files are infected with malware, recover only uninfected files (clean)

    • If any files are infected with malware, recover the latest clean copy of the files within the selected date range

    • If any files are infected with malware, recover all files, including infected files

    • If any files are infected with malware, do not perform the recovery job

    Select a malware scanner host pool and click Next.

  10. In the Review page, view the summary of all the selections that you made, and click:
    • Start recovery

      Or

    • (Applicable when Scan for malware before recovery is selected) Start scan and recovery

You can see the progress of the restore job in the Activity monitor.

Note:

For NAS-Data-Protection policy type multiple recovery jobs can be triggered for multi-volume restore. A comma separated list of Job IDs one per volume is displayed. The recovery job column would display only one Job ID NetBackup.

Feedback

Was this page helpful?
Previous

Performing malware scan

Next

Perform a malware scan

Feedback

Was this page helpful?