Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Cloud Administrator's Guide
  5. Managing and protecting cloud assets
  7. Scan for malware
  9. Scanning backup images
NetBackup™ Web UI Cloud Administrator's Guide

Scanning backup images

This section describes the procedure for scanning client backup images of a particular policy for malware.

To scan policy of client backup images for malware

  1. On the left, select Detection and reporting > Malware detection.
  2. On the Malware detection page, select Scan for malware.
  3. In the Search by option, select Backup images.

    Select one of the following scan types:

    • Malware scan - Select this option to scan images using default malware scan.

    • YARA scan - Select this option to scan images using YARA rules.

      Click the Select threat feeds option.

      On the Select threat feeds for scanning dialog box, select the required YARA rules or a zip file of YARA rules that you have uploaded earlier.

    All the following steps are applicable for the scan type: Malware scan.

  4. In the Scanner host pool option, search and select the appropriate host pool name from the list of scanner host pools listed in Select malware scanner host pool.

    Note:

    Scan host from the selected scan host pool must be able to access the instant access mount created on the storage server which is configured with NFS/SMB share type.

  5. In the search criteria, review and edit the following:

    • Policy name

      Only supported policy types are listed.

    • Client name

      Displays the clients that have backup images for a supported policy type.

    • Policy type

      Displays all the supported policies which are enabled for malware scanning.

    • Type of backup

    • Copies

      If the selected copy does not support instant access, then the backup image is skipped for the malware scan.

    • Disk pool

      MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk storage type disk pools are listed.

    • Disk type

      MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk disk types are listed.

    • Infection status

      The malware infected status of the backup images can be searched based on the following types: infection detected by malware scan, file hash search, not infected, not scanned or all.

    • For the Select the timeframe of backups, verify the date and the time range or update it.

    • On selecting the Abort malware scan on detecting an infection option, clean recovery would not be supported for infected images.

  6. Click Search.
  7. Select the search criteria and ensure that the selected scan host is active and available.
  8. From the Select the backups to scan table select one or more images for scan.
  9. Click Scan for malware.
  10. After the scan is initiated, the Scan status is displayed.

    The following are the status fields:

    • Not scanned

    • Not infected

    • Infected

    • Failed

      Hover over the status to view the reason for the failed scan.

    • In progress

    • Pending

      Note:

      You can cancel the malware scan for one or more in progress and pending jobs.

    • Infected - Malware scan aborted

Feedback

Was this page helpful?
Previous

Scan for malware

Next

Assets by workload type

Feedback

Was this page helpful?