Solved

Implemented new AV - Cylance

  • 4 October 2021
  • 4 replies
  • 181 views

Hi Team,

We have replaced the AV from Symantec to Cylance, but on Cylance do we also need to have all the exclusions as per the Commvault recommendation? As we heard, Cylance uses a machine learning method.

 

https://documentation.commvault.com/commvault/v11/article?p=8665.htm

Best answer by Stuart Painter 4 October 2021, 15:53

Hi @Allan0105 

We recommend implementing exclusions to avoid any interference with Commvault processes from Antivirus.

In principle, if Cylance can perfectly identify all Commvault processes as safe, then no intervention will be necessary.

However, to be sure and safe and avoid any unexpected interruptions in data protection operations, I recommend the proper exclusions are put in place.

Thanks,

Stuart

Thanks Stuart, we are implementing the exclusion of all the Commvault-related files/folders and processes on Cylance.

@Allan0105, please can you confirm how you did the exclusions with Cylance? I have another customer that has it and we are seeing it cause data corruption on the backup data when writing to a UNC-based disk library. When we disable Cylance we no longer see the errors.

Exclusions were put in place using our recommendations but they are either not correct for how Cylance works or they are being ignored.

I believe that Cylance works differently than other AV products and apparently looks at the binary, and if the binary/binary path is in the exclusion it should not scan anything that is called by that binary. So that makes me think that, as Commvault uses OS binaries as well (here it uses the SMB stack in the OS to read and write the backup data), more exclusions may be needed than would typically be needed.

Anything that you found in your environment that would help others would be great. I can then see if we can improve our documentation and get something added for Cylance specifically.

Hi Graham, 

 

Good Morning!

I spoke to my Cylance team and they have an exclusion at the group policy level, and I have attached the snap of the exclusion placed on Cylance. As we have only disk libraries and we have the same naming convention on all the MAs, we set it as *:\DL* on Cylance, which was working fine. Please review and let me know if you have any queries.
