© 2026 Cohesity, Inc. All Rights Reserved.
NetBackup™ Security and Encryption Guide

About file hash search with malware hash

NetBackup version 10.5.0.1 or later provides file hash search with malware hash for a NetBackup domain that is not managed by Alta View and has a configured file hash server.

This feature complements the existing malware scanning service by identifying malware in backup images. When a malware scan reports an infected status, an automated file hash search job navigates through the NetBackup images to identify an IOC (indicator of compromise).

When malware scanning finds malware, the file hash value (SHA-256) of the malware is stored in the Enterprise Media Manager (EMM) database if no matching record exists in the database.

Every 8 hours, the most recent malware hash values (maximum 10,000 records) from the database are submitted in a file hash search job request with MALWARE as the search tag. The result of the file hash search job is available in the Activity monitor of the NetBackup Web UI. An audit message that contains the file hash search job ID and the file hash search request ID is also generated. The message can be found under the Audit Events tab of the Security events menu in the Security pane of the NetBackup Web UI. Use the FILE_HASH_SEARCH_INTERVAL_SECONDS option to configure the interval between the triggered search jobs.

Every 24 hours, records stored in the NetBackup database that have not been updated for the past 30 days are removed for maintenance purposes. Use the MALWARE_HASH_RETENTION_DAYS option to configure the number of days after which a malware hash is treated as outdated.

See Malware hash configuration parameters.

Note the following:

The file hash search computation is supported for the following types of backup policies:

  • NAS-Data-Protection

  • Windows

  • Standard

The file hash search job may report matching malware, if any exists, in the backup images of the above types of backup policies.
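
The following added example (not NetBackup code) models the hash lifecycle described above, to show how the 10,000-record cap and the 30-day retention window decide which backup files a periodic search can still flag. The class, method names, in-memory store and sample catalog are hypothetical, and it assumes that a repeat detection refreshes a record's update time.

```python
import hashlib

# Defaults taken from the text above; all names below are hypothetical.
MAX_HASHES_PER_SEARCH = 10_000
MALWARE_HASH_RETENTION_DAYS = 30
DAY = 86_400  # seconds

class MalwareHashStore:
    """Toy in-memory model of the malware hash records (not the EMM schema)."""
    def __init__(self):
        self.records = {}  # SHA-256 hex digest -> last-updated time (epoch seconds)

    def record_detection(self, content: bytes, now: float) -> bool:
        """Store the SHA-256 of an infected file; return True if the record is new."""
        digest = hashlib.sha256(content).hexdigest()
        is_new = digest not in self.records
        # Assumption: a repeat detection refreshes the record's update time.
        self.records[digest] = now
        return is_new

    def search_batch(self, limit: int = MAX_HASHES_PER_SEARCH) -> dict:
        """Build the periodic search request: most recent hashes first, capped."""
        newest = sorted(self.records, key=self.records.get, reverse=True)
        return {"tag": "MALWARE", "hashes": newest[:limit]}

    def purge_outdated(self, now: float, days: int = MALWARE_HASH_RETENTION_DAYS) -> int:
        """Daily maintenance: drop records not updated within the retention window."""
        cutoff = now - days * DAY
        count = len(self.records)
        self.records = {h: t for h, t in self.records.items() if t >= cutoff}
        return count - len(self.records)

def find_matches(batch: dict, catalog: dict) -> list:
    """Return the paths in a backup catalog whose SHA-256 appears in the batch."""
    wanted = set(batch["hashes"])
    return sorted(path for path, digest in catalog.items() if digest in wanted)

def demo():
    store = MalwareHashStore()
    old, new = b"constructed sample A", b"constructed sample B"
    store.record_detection(old, now=0)
    store.record_detection(new, now=20 * DAY)
    # Constructed catalog of backed-up files: path -> SHA-256 of the content.
    files = {"/img1/a.bin": old, "/img2/b.bin": new, "/img2/c.txt": b"clean"}
    catalog = {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}
    before = find_matches(store.search_batch(), catalog)
    purged = store.purge_outdated(now=31 * DAY)
    after = find_matches(store.search_batch(), catalog)
    return before, purged, after
```

In the demo, the hash recorded on day 0 ages out by day 31, so the file that carries it is no longer reported by later searches. That is the trade-off to weigh when lowering MALWARE_HASH_RETENTION_DAYS.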
