Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section X. Detection and reporting
  7. YARA scanning
  9. Scanning backup images with YARA scanner
NetBackup™ Web UI Administrator's Guide

Scanning backup images with YARA scanner

Use this topic to scan images with YARA scanner.

To scan images with YARA scanner

  1. On the left, click Detection and reporting > Malware detection.
  2. Click Scan for malware.
  3. In the Search by option, select Backup images.
  4. Select YARA scan as the scan type.
  5. Click the Select threat feeds option.

    On the dialog box, select the required YARA rule files or .zip file and click Select.

  6. In the search criteria, review and edit the following:

    • Policy name - Only supported policy types are listed.

    • Client name - Displays the clients that have backup images for a supported policy type.

    • Policy type - Displays all the supported policies that are enabled for YARA scanning.

    • Type of backup - Any incremental backup images that do not have the NetBackup Accelerator feature enabled are not supported for the VMware workload.

    • Copies - If the selected copy does not support instant access, then the backup image is skipped for the scan. (For NAS-Data-Protection policy type) Select the Copies as Copy 2.

    • Disk pool - MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk storage type disk pools are listed.

    • Disk type - MSDP (PureDisk), OST (for example, Data Domain) and AdvancedDisk disk types are listed.

    • Infection status - The malware-infected status of the backup images can be searched based on the following types: infection detected by malware scan, file hash search, not infected, not scanned or all.

    • For the Select the timeframe of backups, verify the date and the time range or update it.

    • On selecting the Abort malware scan on detecting an infection option, clean recovery would not be supported for infected images.

  7. Click Search.
  8. Select the search criteria and ensure that the selected compute host is active and available.
  9. From the Select the backups to scan table select one or more images for scan.
  10. Click Scan for malware.
  11. After the scan is initiated, the Scan status is displayed.

    The following are the status fields:

    • Not scanned

    • Not infected

    • Infected

    • Failed

      Hover over the status to view the reason for the failed scan.

      Note:

      Any backup images that fail the validation are ignored. Scanning is supported for the backup images that are stored on storage with instant access capability and for the supported policy types only.

    • In progress

    • Pending

      Note:

      You can cancel the scan for one or more jobs that are in progress or are pending.

    • Infected - Scan aborted

    You can view the YARA scanning jobs on the Activity monitor UI.

Feedback

Was this page helpful?
Previous

Workflow to configure YARA scanning

Next

Assets by workload type for YARA scanning

Feedback

Was this page helpful?