Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Configuring scan host
  6. Manual scan host configuration
  7. Configuring NetBackup client as the scan host
NetBackup™ Security and Encryption Guide

Configuring NetBackup client as the scan host

NetBackup malware scanning feature requires configuration of an additional host (a scan-host).

Before configuring scan host ensure that the following prerequisites are met:

See Prerequisites for a scan host.

Configuring NetBackup client as the scan host

  1. Install NFS client by running the following command on PowerShell:

    Install-WindowsFeature -Name NFS-Client

  2. Enable UID mapping by running the following commands on PowerShell to enable NFS user mapping:
    PS C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup  $True  -UNMServer localhost
    PS C:\Users\Administrator> nfsadmin mapping
      
    The following are the settings on localhost
      
    Mapping Server Lookup       : Enabled
    Mapping Server              : localhost
    AD Lookup                   : Disabled
    AD Domain 
  3. Run the configuration script as follows:
    • For Linux: /usr/openv/netbackup/bin/goodies/nbscanhostconfigcmd -validate

    • For Windows: install_path\NetBackup\bin\goodies\nbscanhostconfigcmd.exe" -validate

  4. Restart NFS client:

    After updating passwd/group files, restart NFS client service using the following commands:

    nfsadmin client stop

    nfsadmin client start

  5. Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
    Get-NfsMappedIdentity -AccountName scanuser -AccountType User
    
    UserIdentifier      : 1001
    GroupIdentifier     : 1001
    UserName            : scanuser
    PrimaryGroup        :
    SupplementaryGroups :
    
  6. Configure the Malware scanner tool (Microsoft Defender Antivirus).

    See Configuring Microsoft Defender Antivirus.

For more information on setting up PBX communication, refer to the 'Configuring NetBackup Messaging Broker service to use PBX port' section in the NetBackup Administrator's Guide, Volume I.

Feedback

Was this page helpful?
Previous

Configure malware scan host for Linux NFS share type and Avira

Next

Configuring a scan host pool

Feedback

Was this page helpful?