Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section X. Detection and reporting
  7. Malware scanning
  9. Managing scan tasks for malware and YARA scanning
  11. Actions for malware scanned images
NetBackup™ Web UI Administrator's Guide

Actions for malware scanned images

Once you scan the backup images for malware detection, a tabular data is available on the Malware detection home page.

See View the malware scan status.

For each backup image, the following quick configurations are available.

To expire all the copies

  1. On the left, click Detection and reporting > Malware detection.
  2. For the desired scan result, click Actions > Expire all copies.
  3. Confirm to expire all the copies of the selected backup image.

Note:

This option is available only for infected scan results.

To view any infected files

  1. On the left, click Detection and reporting > Malware detection.
  2. For the desired scan result, click Actions > View infected files.

    Note:

    This option is available only for infected scan results and scan type 'Recovery'.

  3. In the Infected files table, search or the desired file, if needed.
  4. If you want to export the list, click Export list.

    Note:

    A list of infected files from the selected malware scanning result is exported in .csv format. The file name is of the following format: backupid_infected_files_timestamp.csv

To export the infected files list

  1. On the left, click Detection and reporting > Malware detection.
  2. For the desired malware affected, click Actions > Export infected files list.

    Note:

    A .csv file contains backup time, names, hashes of the infected files and virus information.

    For Microsoft Windows Defender, if real time protection is enabled, then hashes of the infected files are not created as files are not accessible.

To export the unscannable files list

  1. On the left, click Detection and reporting > Malware detection.
  2. For the desired malware affected, click Actions > Export unscannable files list.

    Note:

    A .csv file contains the list of files that the malware scanner skips due to issues such as file input or output errors, encrypted (password protected) files, etc.

To cancel a malware scan

  1. On the left, click Detection and reporting > Malware detection.
  2. For the wanted scan result, click Actions > Cancel malware scan.

    Note: You can only cancel the malware scan from the "in progress" and the "pending" states.

  3. Click Cancel scan to confirm.

    The status changes to Cancellation in progress.

Note:

The Cancel malware scan is not supported for scan results with scan type 'Recovery'.

To rescan an image

  1. On the left, click Detection and reporting > Malware detection.
  2. For the wanted scan result, click Actions > Rescan image.
  3. Click Rescan to confirm.
  4. For a bulk rescan, when you select one or more images with a different or am empty scanner host pool, you must select a new scanner host pool.

    • Click Rescan image.

    • Select a new scan host pool.

      The new scan host pool is applicable for all the selected images for this rescan.

    • Click Rescan to confirm.

      Rescan (and resume) is not supported for scan results with scan type recovery.

  5. For a rescan of failed or canceled jobs, scanning is triggered from the point of failure (resumed) instead of from a complete scan, under the following conditions:

    • If the value of Date of scan is more than 48 hours, then the job is not resumed and the full scan is initiated. This action ensures that the malware signatures that are used for the scan do not differ significantly.

    • Supported for Standard or MS-Windows policy backup images that have a large number of files (> 500 KB). For a DNAS policy, it is supported for more than one stream.

    • Instant Access must have succeeded for the failed job.

    • Resume identifies the first instant access capable copy to scan, which can be different from the copy that was selected for the initial scan request.

    After the job is resumed the existing scan result is moved from the state "failed" to "pending" and subsequently to an "in-progress" state. The progress update can continue from the point of failure. For a complete rescan the new scan result is displayed. If the user needs to perform a complete scan, then it can be started using the on-demand scan options.

To delete the scan results

  1. On the left, click Detection and reporting > Malware detection.
  2. Any scan results that are in a "failed" or "canceled" state can be deleted manually. Click Actions > Delete scan results.
  3. Click Yes to confirm the deletion of the selected scan results.

    You can select a maximum of 20 scan results to delete.

To view the details of a scan result

  1. On the left, click Detection and reporting > Malware detection.
  2. Click Actions > View details to view details for the backup images with individual batch level.

    Note:

    The View details option is available only for the scan results that are in "failed" or "in progress" state.

  3. On the View details page, you can copy information to the Clipboard. Click Actions > Copy failure details or Actions > Copy the scan results.
  4. Click Close.

Feedback

Was this page helpful?
Previous

View the malware scan status

Next

Recover from malware-affected images (clients protected by policies)

Feedback

Was this page helpful?