Ransomware Protection for MediaAgents
Commvault software can protect all mount paths associated with disk libraries created from a MediaAgent against Ransomware attacks.
To monitor and activate ransomware protection features within the CommCell Console, you can also use the Enable Ransomware Protection App. Enable Ransomware protection provides more information and a link to the app.
Before You Begin
- Ransomware protection on a MediaAgent will prevent non-Commvault processes, such as Ransomware, from accessing files on the local mount paths and network mount paths. This applies to all OS-level operations that modify/delete/write data. You can copy files from the mount path but not paste or copy it.
- The network share should only have restricted permissions that are granted to a single Commvault backup user who has to write, modify, and delete permissions. This will ensure data protection on a network path. You should ensure that this backup user is the only one with write, modify, or delete permissions for this network share. There may be exceptions. System Other important accounts such as admin These permissions may be required by some users who need to access the mount path folder locally. It is strongly recommended that network mount path permissions be as restricted as possible. Also, make sure to do the following:
- These credentials are used to set the path for the Commvault disk libraries mount path.
- All MediaAgents that access this share can activate ransomware protection.
- Ransomware protection should only be activated in one instance of MediaAgent software if there are multiple instances installed on a machine. Ransomware protection won’t work if it is enabled in all instances at once.
- This feature applies to Windows MediaAgents running V11 SP6 or higher. V11 SP17 or higher supports MediaAgents that use Cluster Shared Volumes, (CSV).
- Expand the CommCell Browser to Storage Resources > MediaAgents
- Right-click on the MediaAgent you wish to use and click Properties.
- Select the Advanced tab.Note: This tab is only available to Windows MediaAgents who have access to a mount path.
- Check the Ransomware Protection check box.