Skip to main content


 

 

druva_logo.pngDruva
|
Documentation

How can we help you?

Trending articles:

 

Druva Documentation

Scan virtual machines data after restoring it

  1. Last updated
  2. Save as PDF
Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.

Overview

  •  VMware tools must be installed and running on the destination virtual machines for scanning files for malicious data. For more information, see Restore virtual machines using sandbox.
  • Ensure that there are at least 2 CPUs and 4 GB memory with 1. 4 to 1.5 GB free to run the scan. However, it is recommended to have 8 CPUs and 16 GB memory for a faster scan.
  • We use the clamav-0.105.2 version of ClamAV for malicious file scan check.

After the restore job is complete for the Sandbox virtual machine, with the Malicious File Scan feature, you can scan the data for malicious files and pre-defined file hashes. This ensures the restored data is clean and devoid of viruses and malware. You can scan the data irrespective of the restore location. 

When Malicious File Scan is enabled, you will see the Malicious File Scan section in the Sandbox Recovery > Settings window on the Hybrid Workloads page.

Delete_Malicious Files_Sandbox_Prdt doc.png

For Sandbox VM file scan, toggle the button to enable the scan from the Sandbox Recovery > Settings page.  

Select the Delete Malicious Files checkbox if you want to automatically delete the detected malicious files identified during Malicious File Scan.

Note: In case of scan job failure with the Delete Malicious Files setting already selected, some malicious file(s) will get deleted as part of the scan.

For more information about VMware Sandbox Recovery, see Restore virtual machines using sandbox

 You cannot enable or disable Malicious File Scan for Sandbox VM from the Malicious File Scan  > Settings tab on the Ransomware Recovery page.

The virtual machine is scanned after restore completion, hence the overall job time increases. You can view the progress of the scan job from the Jobs page. There is an option to cancel the scan job if you feel it’s taking longer than you expected and restoring the files is urgent. 

On the restore Jobs page for a virtual machine, the vector2.png sign is present beside every restore job that has malicious file scan enabled. To learn more about what each scan status icon displayed on the Sandbox VM signifies, see Scan status for sandbox recovery job.

Malicious file scan is not supported for files beyond 4 GB in size. 

Support matrix for Sandbox Recovery

The following are the supported Windows versions for Sandbox Recovery:

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2008R2

Note: For Malicious File Scan support for Windows Server 2008R2, ensure that the prerequisites are met.

The following are the supported Linux versions for Sandbox Recovery:

  • Red Hat Enterprise Linux (RHEL) 7.0 , 7.1, 7.2, 7.3, 7.4, 7.5
  • CentOS 7.0 , 7.1, 7.2, 7.3, 7.4, 7.5
  • Ubuntu 14.04,16.04
  • SUSE Linux Enterprise Server 12, 12 SP 3
  • VMware Photon OS Version 4

Monitor Sandbox Recovery scan jobs

You can monitor the status of sandbox recovery scan jobs via alerts and audit trails.

Alerts

After the file scan job is complete, a warning alert is generated and an email is sent to subscribed administrators in case malicious files are encountered during a scan. You can view the alert details from the Alerts page.

Audit Trails

You can filter and view the details of the file scan job activities from the Audit Trails > Filters > Activity Type.

 Audit_Trails_Filter_VMware_resized.png

You can view details for the following Malicious File Scan activity types:

  • Job created: The detailed status of the sandbox recovery scan job created
  • Job Cancelled: The detailed status of the canceled sandbox recovery scan job 
  • Downloaded job report - The detailed report of the scan job to view details of the scan job

You may encounter the following errors related to anti-virus scan skip for files.

Error  Reason
WARNING: Can't open file- Permission denied

This error is observed in the following scenarios:

  • File does not have read permissions
  • File is located at an inaccessible location
Empty file The file has no data to scan.
WARNING:- Can't access file The file size is greater than the set file size limit for the file scan to run.
Linux specific errors
Not supported file type (Observed for linux) The file type is not supported for anti-virus scan.
  • Excluded (/proc) (Observed for linux)
  • Permission denied (Observed for linux)
  • Can't read file ERROR (Observed for linux)
  • Can't get file status
 Access to the file is denied due to a lack of required permissions.

​​​​​To view activity details for a specific administrator, select the administrator and click View Details. The Activity Details page with file scan activity information is displayed.

Activity Details_audit trail.png

For more information about VMware Sandbox Recovery, see Restore virtual machines using sandbox.

 

►Here is a quick preview of Sandbox Recovery.