How a backup application (Commvault) finding the Ransomware in a system?

Last post 12-03-2019, 2:23 PM by AmolJ. 3 replies.
Sort Posts: Previous Next
  • How a backup application (Commvault) finding the Ransomware in a system?
    Posted: 05-03-2018, 12:58 PM

    Does anyone know how this "Ransomware Protection" at Media Agent Level works?

    Please don't answer it protects from Ransomware and do not allow data to write in mount paths....That is not I expected.

    How is it detecting that there is Ransomware?

    What mechanism or algorithm they have to look such things?

    Commvault is just a backup application. How does this know there is a ransomware/virus or etc., file.

     

    Hope you understood my question. My point is How is this detection happening?

     

    Thanks & Regards,

    Ravindra Tumu

  • Re: How a backup application (Commvault) finding the Ransomware in a system?
    Posted: 05-03-2018, 5:29 PM

    (deleted)

  • Re: How a backup application (Commvault) finding the Ransomware in a system?
    Posted: 05-04-2018, 2:14 AM

    Hello Ravindra,

     

    There are a few different techniques that CV uses to protect your backup data from ransonware, and to alert if we suspect that a client has been infected by ransomware.

     

    http://documentation.commvault.com/commvault/v11/article?p=7877.htm

     

    Method 1  is used to lock down your backup disklibrary mount paths, to ensure that only Commvault processes have write permissions.

     

    Method 2 places a hidden file on your system, that expects never to be found and written to by users. We poll scans of this file to see if the file has been modified. If we detect that it has, we send an alert to Commvault admins of potential ransomware.

     

    Method 3 monitors the backup activity of your clients. If we detech that there has been a high volume of unusal file change, we send an alert for potential infection to Commvault admins.

     

    Please let me know if this answers your question.

     

    Kind regards

     

    Allister

  • Re: How a backup application (Commvault) finding the Ransomware in a system?
    Posted: 12-03-2019, 2:23 PM
The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2020 Commvault | All Rights Reserved. | Legal | Privacy Policy