Running Threat Scan by On-Demand Scan of a Server

You can run Commvault Cloud Threat Scan by performing an on-demand scan of a server.

Procedure

1. From the navigation pane, click Monitoring > Threat Indicators.

   The Threat Indicators page appears, showing a list of servers that contain infected files.

2. To add a new server, click Add server.

   The Add server dialog box appears.

3. Enter the following information:

   • File servers: Select a server to be scanned.

   • Start date: Enter a start date for the scan.

   • End date: Enter an end date for the scan.

   • Storage pool: Select a storage pool for the scan.

   • Anomaly types: Select the following options:

     • File data analysis: Analyzes backup content for unusual file changes (which can be caused by encryption) and file corruption (which can be caused by ransomware or other threats). File data analysis utilizes several techniques for detection, including reading and previewing files, analyzing files for high levels of entropy, and analyzing SIM hash changes across multiple versions of backed up files. When suspicious files are detected, the user can view these files on the Threat Scan dashboard, and then mark bad or corrupted files so that clean versions of data will be recovered automatically.

     • Threat analysis: Analyzes backup content in files and file systems to discover possible malware infections.

4. Click Analyze.

   The Threat Indicators Report appears, showing all suspicious files and detected threats.

What To Do Next

• Review the Threat Indicators Report. For more information, see Threat Indicators Report