Running Threat Scan by System-Based Anomaly Detection

You can run Commvault Cloud Threat Scan by system-based anomaly detection.

Procedure

1. From the navigation pane, click Monitoring > Threat Indicators.

   The Threat Indicators page appears, showing a list of server that contain infected files.

2. Click the Actions button for a server, and then click Threat scan.

   The Threat Scan dialog box appears.

3. Enter the following information:

   • Start date: Enter a start date for the scan.

   • End date: Enter an end date for the scan.

   • Storage pool: Select a storage pool for the scan.

   • Anomaly types: Select the following options:

     • File data analysis: Analyzes backup content for unusual file changes (which can be caused by encryption) and file corruption (which can be caused by ransomware or other threats). File data analysis utilizes several techniques for detection, including reading and previewing files, analyzing files for high levels of entropy, and analyzing SIM hash changes across multiple versions of backed up files. When suspicious files are detected, the user can view these files on the Threat Scan dashboard, and then mark bad or corrupted files so that clean versions of data will be recovered automatically.

     • Threat analysis: Analyzes backup content in files and file systems to discover possible malware infections.

4. Click Analyze.

   The Threat Indicators Report appears, showing all suspicious files and detected threats.

What To Do Next

• Review the Threat Indicators Report. For more information, see Threat Indicators Report