Forum Discussion
- quebekModerator
Hello
Well the whole process is described below
https://www.veritas.com/support/en_US/doc/160799157-160799174-0/v152646970-160799174
- quebekModerator
Hello
You are right, my bad. I am sorry.
Check out this link:
https://www.veritas.com/content/dam/www/en_us/documents/technical-documents/TB_netbackup_malware_detection_V1587.pdf
"NetBackup includes an on-demand scan model in the WebUI that performs periodic image inspections. You can configure automatic scanning to occur when images reach the anomaly score you select."
How to configure it? I would have searched in anomaly detection in web UI. Unfortunately now I don't have access to any NBU - on a leave....
- quebekModerator
Hi
Still on leave but managed to find the information in the admin guide here:
https://www.veritas.com/support/en_US/doc/21733320-154479691-0/v153325618-154479691
Good luck!
- Riadh_R17Level 5
Hi quebek
Thank you for your answer
i have followed the dos but auto scan still not worked.
please find below the anomaly_config.conf , is it correct
[root@prodnbfamedia anomaly_detection]# more anomaly_config.conf
# $Copyright: Copyright (c) 2024 Veritas Technologies LLC. All rights reserved $
#---------------------------------------------------------------------------------------------------------------------------------
# Anomaly detection automatic malware scan configuration
#
# ------------------------------------------------------------------------
# Instructions on how to use this template file.
# ------------------------------------------------------------------------
#
# 1. Create a new file with contents of this template file with name 'anomaly_config.conf'
# 2. Place 'anomaly_config.conf' at below location
# For Linux : /usr/openv/var/global/anomaly_detection
# For Windows : <NetBackup install location>\NetBackup\var\global\anomaly_detection
# Note: Previous version Anomaly configuration is no longer available in the config file.
#-----------------------------------------------------------------------------------------------------------------------------------# Use below settings to enable automated malware scan for anomaly detected jobs.
# 1. Enable automated scan
# # Use ENABLE_AUTOMATED_SCAN = 1 under AUTOMATED_MALWARE_SCAN_SETTINGS
[AUTOMATED_MALWARE_SCAN_SETTINGS]
ENABLE_AUTOMATED_SCAN=1
#
# 2. Enable automated scan for all clients
Use ENABLE_ALL_CLIENTS=1
# # Use ENABLE_ALL_CLIENTS=0 to turn OFF automated scan for all clients.
# # Use SCAN_HOST_POOL_NAME to mention the scan host for clients.
SCAN_HOST_POOL_NAME=netbackupscanner_pool
#
# 3. Use clients batch to mention scan host pool for individual clients
# # the batch number gets added at end with _<batch number>
# # ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch_number> & SCAN_HOST_POOL_NAME_<batch_number>
# NUM_CLIENTS_BATCH_SPECIFIED=2
# ENABLE_SCAN_ON_SPECIFIC_CLIENT_1=client1,client2
# SCAN_HOST_POOL_NAME_1=<scan_host_pool_name1>
#
# ENABLE_SCAN_ON_SPECIFIC_CLIENT_2=client3,client4
# SCAN_HOST_POOL_NAME_2=<scan_host_pool_name1>
#
# Note:
# # If we have ENABLE_ALL_CLIENTS = 0 and we have clients mentioned under ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch)number>
# # then scan would start only on those clients
# # For rest of clients not mentioned under ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch_number> and if ENABLE_ALL_CLIENTS = 1
# # then for those clients, SCAN_HOST_POOL_NAME=<scan_host_name> would be used.
#
# 4. Set anomalySeverity , anomalyScore and ransomwareExtensionImages to trigger malware scan automatically
# # the TRIGGER_SCAN_FOR_LOW_SEVERITY is set to 1 to trigger malware scan automatically for low severity anomaly.
# # the TRIGGER_SCAN_FOR_MED_SEVERITY is set to 1 to trigger malware scan automatically for medium severity anomaly.
# # the TRIGGER_SCAN_FOR_SCORE_GREATER_THAN is set to positive value to trigger malware scan automatically for anomaly score greater than or equal to given value.
# TRIGGER_SCAN_FOR_LOW_SEVERITY=0
# TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0
# TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5
# TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES=1
#
# Note:
# # Use TRIGGER_SCAN_FOR_LOW_SEVERITY, TRIGGER_SCAN_FOR_MED_SEVERITY, TRIGGER_SCAN_FOR_SCORE_GREATER_THAN to trigger malware scan for respective values.
# # By default malware scan is triggered for HIGH severity.
# - quebekModerator
Hello
You did notice this:
"You can configure automatic scanning to occur when images reach the anomaly score you select."
So it will not be kicked in for all - only for these which do met certain anomaly score!
- kiyanLevel 6
hi,
you need to remove the hash for the line which you like to enable
malware scan automatically for anomaly score greater than or equal to given value.
# TRIGGER_SCAN_FOR_LOW_SEVERITY=0
# TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0
# TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5
# TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES=1
Related Content
- 5 months ago