Skip to main content
commvault.com commvault.com
Solved

Licensing change - Threat Scan for VMs removed from price list

  • November 25, 2025
  • 6 replies
  • 229 views
Onno van den Berg
Community All Star
Forum|alt.badge.img+24

I noticed that the latest price list no longer includes Threat Scan for VMs and Risk Analysis for VMs in the SKU list. This effectively means both services can now only be purchased or consumed based on the amount of processed FET.

We recently added Threat Scan to our internal catalogue as part of our upgrade to FR40, and this sudden change is quite disruptive. Unexpected adjustments like this significantly impact MSPs and resellers, making it harder to position these services to customers because the cost becomes highly unpredictable.

I’m curious to understand the reasoning behind this change, as in my opinion, it does not seem to support upsell, sales growth, or revenue generation.

Best answer by Brad Kirby

Hi Onno,

My name is Brad Kirby, and I am from the product team working on ThreatScan and other security products.  If it’s okay, I would like to set up a time to review the changes we have made and explain why this resulted in us making the choices that we did.  As a start, there are a couple of reasons for this:

First, we have re-architected the scanning mechanism for the product so that all ThreatScan-enabled resources are scanned regularly in the background.  We heard from many customers that “scan upon restore” was not working for them.  Their expectation was that we would scan all ThreatScan-enabled resources, whether it be file & object or VM, in the background and not rely on them to detect a potential problem first and then scan.  This became particularly problematic in larger environments.

We are trying to harmonize the licensing mechanism across offerings and delivery modalities.  Rather than one licensing mechanism for file & object and a second licensing model for VM, and potentially yet another mechanism for K8S (when we get there), the idea was to license the same way everywhere.  This will also allow us to license the same way in SaaS and Software.

Would you mind if I set up a call to discuss this further?  We’d love to get your thoughts on the set of enhancements we have made on the product and how we can ensure that costs are predictable for you and your customers.  It looks like I have your email, so if you don't mind, I will put a meeting request on the calendar.

Thanks,

Brad

    6 replies

    P
    Vaulter
    Forum|alt.badge.img+15
    • PradeepVaulter
    • Vaulter
    • November 26, 2025

    Hi ​@Onno van den Berg ,

    I understand the inconvenience caused by this new change. However, I would recommend reaching out to the Sales team for more information regarding the new module and its associated updates.

    They will be able to provide clarity on licensing, feature additions, and any related impacts.

    P
    Vaulter
    Forum|alt.badge.img+15
    • PradeepVaulter
    • Vaulter
    • November 29, 2025

    Hi ​@Onno van den Berg ,

    Apart from the information shared above, we are currently working to gather additional details regarding the recent changes. We will provide an update with our findings at the earliest.

     

      Onno van den Berg
      Community All Star
      Forum|alt.badge.img+24

      Thanks ​@Pradeep much appreciated.

      The challenge with TB pricing models is that customers are financially penalized for having large data volumes, even though they already invest heavily in infrastructure to maintain that data. When we look at Threat Scan, the effort required from a Commvault perspective to scan small or large datasets is essentially the same—the workload is handled by the customer’s infrastructure, not by additional Commvault resources.

      Furthermore, the FET model introduces unpredictability, similar to public cloud costs, which negatively impacts how customers perceive these advanced functions. Ideally, these features should be enabled across all workloads because they provide a much broader view of data security and protection. However, with a costly and unpredictable TB-based model, customers are likely to make restrictive choices.

      A more sustainable approach would be to offer an add-on or “plus” package alongside basic VM protection. This would encourage broader adoption of advanced features without penalizing customers for data size. In the long run, this model could still deliver equivalent revenue through increased adoption while improving customer satisfaction and trust.

      Sougato Roy
      Vaulter
      Forum|alt.badge.img+11
      • Sougato RoyVaulter
      • Vaulter
      • December 1, 2025

      Thanks ​@Pradeep much appreciated.

      The challenge with TB pricing models is that customers are financially penalized for having large data volumes, even though they already invest heavily in infrastructure to maintain that data. When we look at Threat Scan, the effort required from a Commvault perspective to scan small or large datasets is essentially the same—the workload is handled by the customer’s infrastructure, not by additional Commvault resources.

      Furthermore, the FET model introduces unpredictability, similar to public cloud costs, which negatively impacts how customers perceive these advanced functions. Ideally, these features should be enabled across all workloads because they provide a much broader view of data security and protection. However, with a costly and unpredictable TB-based model, customers are likely to make restrictive choices.

      A more sustainable approach would be to offer an add-on or “plus” package alongside basic VM protection. This would encourage broader adoption of advanced features without penalizing customers for data size. In the long run, this model could still deliver equivalent revenue through increased adoption while improving customer satisfaction and trust.

      Hi Onno,

      We’ve shared your questions with the proper team and they should be in touch soon.
      If you don’t hear back this week, please let me know and I’ll make sure it gets to them.

      Thank you,

      Roy

      Roy
        B
        Vaulter
        Forum|alt.badge.img+4
        • Brad KirbyVaulter
        • Vaulter
        • Answer
        • December 1, 2025

        Hi Onno,

        My name is Brad Kirby, and I am from the product team working on ThreatScan and other security products.  If it’s okay, I would like to set up a time to review the changes we have made and explain why this resulted in us making the choices that we did.  As a start, there are a couple of reasons for this:

        First, we have re-architected the scanning mechanism for the product so that all ThreatScan-enabled resources are scanned regularly in the background.  We heard from many customers that “scan upon restore” was not working for them.  Their expectation was that we would scan all ThreatScan-enabled resources, whether it be file & object or VM, in the background and not rely on them to detect a potential problem first and then scan.  This became particularly problematic in larger environments.

        We are trying to harmonize the licensing mechanism across offerings and delivery modalities.  Rather than one licensing mechanism for file & object and a second licensing model for VM, and potentially yet another mechanism for K8S (when we get there), the idea was to license the same way everywhere.  This will also allow us to license the same way in SaaS and Software.

        Would you mind if I set up a call to discuss this further?  We’d love to get your thoughts on the set of enhancements we have made on the product and how we can ensure that costs are predictable for you and your customers.  It looks like I have your email, so if you don't mind, I will put a meeting request on the calendar.

        Thanks,

        Brad

          Moohammed Ramadan
          Explorer
          Forum|alt.badge.img+7

          Hello Everyone,

          I just received a notice from our sales team regarding this today and after doing some quick research I came across ​@Onno van den Bergs post thanks for the explanation ​@Brad Kirby I do have a few concerns and would appreciate some additional clarification

          https://www.linkedin.com/in/eng-mohammed-ramadan/
            Terms & ConditionsCookie settingsAccessibility statement