Solved

Implemented new AV - Cylance



Hi Team,

We have replaced the AV from Symantec to Cylance, but on Cylance do we also need to have all the exclusions as per the Commvault recommendation? We heard that Cylance uses a machine learning method.

https://documentation.commvault.com/commvault/v11/article?p=8665.htm

Best answer by Stuart Painter

Hi @Allan0105 

We recommend implementing exclusions to avoid any interference with Commvault processes from Antivirus.

In principle, if Cylance can perfectly identify all Commvault processes as safe, then no intervention will be necessary.

However, to be sure and safe and avoid any unexpected interruptions in data protection operations, I recommend the proper exclusions are put in place.

Thanks,

Stuart


4 replies


  • Author
  • Byte
  • 115 replies
  • October 5, 2021

Thanks Stuart, we are implementing the exclusion of all the Commvault-related files/folders and processes on Cylance.


Graham Swift
Vaulter

@Allan0105, Please can you confirm how you did the exclusions with Cylance. I have another customer that has it and we are seeing it cause data corruption on the backup data when writing to a UNC based disk library. When we disable Cylance we no longer see the errors.

Exclusions were put in place using our recommendations but they are either not correct for how Cylance works or they are being ignored.

I believe that Cylance works differently than other AV products and apparently looks at the binary, and if the binary/binary path is in the exclusion it should not scan anything that is called by that binary. So that makes me think that, as Commvault uses OS binaries as well (here it uses the SMB stack in the OS to read and write the backup data), more exclusions may be needed than would typically be needed.

Anything that you found in your environment that would help others would be great. I can then see if we can improve our documentation and get something added for Cylance specifically.


  • Author
  • Byte
  • 115 replies
  • April 6, 2022
Hi Graham,

Good Morning!

I spoke to my Cylance team and they have an exclusion at the group policy level, and I have attached a snapshot of the exclusion placed on Cylance. As we only have a disk library and we have the same naming convention on all the MAs, we set it as *:\DL* on Cylance, which was working fine. Please review and let me know if you have any queries.

