License editions: To understand the applicable license editions, see Plans & Pricing.
Overview
Whenever you trigger a restore with the Malicious File Scan option enabled, a scan job is initiated. You can monitor and manage all the scan jobs from the Scan Jobs page in Ransomware Recovery.
โ Important
Malicious file scan is not supported for files beyond 1 GB in size.
A Last Updated at timestamp is displayed beside the page heading to help you understand when the details of the page were last updated.
For Endpoints, File Server, and NAS: Only after the scan job is complete, restore activity starts, clean files are restored, and all the malicious files are blocked.
For Virtual Machines: The file scan job is initiated after the restore job is complete. You must have a valid Accelerated Ransomware Recovery license enabled to use this feature.
You can view a summary of the scan job from the Scan Jobs page.
You can cancel an ongoing job if you initiated the scan by mistake or no longer need to scan the data for malicious files.
โ Important
For Malicious File Scan, jobs are retained for 180 days.
Scan Jobs tab
The Scan Jobs tab provides an overview of all the Malicious File Scan jobs initiated for all the configured resources- Endpoints, File Backupsets (File Server and NAS), and Virtual Machines.
The following table provides information about the different sections within the Scan Jobs tab.
Fields | Description |
Summary section |
|
Total File Scan Jobs | The total number of file scan jobs for all the configured resources- Endpoints, File Backupsets (File Server and NAS), and Virtual Machines.
Alternatively, you can also use the APIs to view these details. For more information, see Developer Portal. |
Resource Types job count - Endpoints, FileBackupsets (File Server and NAS), and Virtual machines. | The file scan job count for specific configured resources Endpoints, FileBackupsets (File Server and NAS), and Virtual machines. Click on the count to view all the file scan jobs for a specific resource in the Job Details listing section. |
You can use the filter icon to filter and view the scan jobs per your requirements. You can filter the scan jobs list based on the Resource Type, Status, and Start time criteria.
Click the Job ID to view the following job details:
Fields | Description |
Job Details section |
|
Job ID | The unique ID of the scan job. |
Job Type | Denoting that the job was Malicious File Scan. |
Start Time | The time when the scan was initiated. |
End Time | The time when the scan finished. If the job ended prematurely due to cancelation, or due to failure, this field displays that timestamp. |
Product Job ID | The ID of the restore job. |
Resource Name | The name of the data source. |
vCenter/ESXi Host | The details of the host virtual machine. This field is only displayed when the resource type is a Sandbox virtual machine. |
Resource Type | The type of data source. Example: File Server. |
User Name | The name of the user to whom the endpoint belongs. This field is only displayed when the resource type is an endpoint. |
Organization | The name of the organization to which the server belongs. This field is only displayed when the resource type is a server. |
Status | The current status of the job. It can be any of the following:
|
Created By | The name of the administrator or inSync Client user who initiated the restore. |
Sandbox Recovered VM name | The details of the restored Sandbox virtual machine. This field is only displayed when the resource type is a Sandbox virtual machine. |
Scan Details section: This content is applicable for Endpoints, File Server, and NAS resources. |
|
Files Selected For Restore | The total number of files that the administrator or an inSync Client user selected for this restore job. |
Files Scanned | The number of files scanned for this restore job. |
Files Scan Skipped | The number of files that were skipped during the scan. There can be various reasons for this such as file deleted midway through the scan, file corrupted, file path not accessible, and so on. |
Files Blocked | The number of malicious files. Click the number to view the details of the malicious files and also download a CSV containing the file names and SHA1 value of each file.
Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files.
โ Important
The Download File Report option is enabled when Druva encounters and displays a count of blocked files. |
Scan Details section: This content is applicable for Sandbox virtual machines. |
|
Files Scan Skipped | The number of files that were skipped during the scan. There can be various reasons for this such as a file being deleted midway through the scan, a file corrupted, a file path not accessible, and so on. |
Files Scanned | The number of files scanned for this restore job. |
Malicious Files Found | The number of malicious files. Click the number to view the details of the malicious files and also download a CSV containing the file names and SHA1 value of each file.
Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files.
โ Important
The Download File Report option is enabled when malicious files are identified and a count of malicious files is displayed. |
Files Deleted | The number of malicious files deleted. This is displayed only if the Delete Malicious Files checkbox is selected and malicious are detected during scan. |