Hello @DanC 

There is no impact on CPU or Memory by using File Anomaly detection on Clients. We use a Honeypot file to detect encryption and we monitor for file anomalies by periodically checking for large amounts of files created, deleted, modified, or renamed. We also periodically scan for malicious file extensions.

You can learn more about this in our documentation. Let me know if you have any further questions.

Anomaly Detection On Client Computers - https://documentation.commvault.com/2023e/expert/7879_anomaly_detection_on_client_computers_01.html

Thank you,
Collin

thanks @Collin Harper 

just want to clarify that Method1 & 2 both use Honeypot file to detect unusual activities ? 

Hello @DanC 

I am not sure what you mean by “Method 2” but the Honeypot file is just a static file that we monitor for changes. Since files like Word Docs and Excel Docs are common targets, this Honeypot File is a static file that will trigger an alert of it gets encrypted by ransomware.
Regarding any scanning you are referring to, this is done when checking for suspicious file extensions and anomalies is file activity (create, modify, delete).

Thank you,
Collin

@Collin Harper

i’m referring to the below Method2 : 

Is there any impact on system performance when scanning these files or activities?
Considering that they are scanned on the client machine frequently, why doesn't it result in a significant system load?

Method 2: Detecting File Anomalies On Client Computers

https://documentation.commvault.com/11.22/expert/7879_monitoring_file_anomalies_on_client_computers.html

 

Hello @DanC 

There is no impact to system resources of the CommServe or Clients being monitored.

Anomaly Detection On Client Computers - https://documentation.commvault.com/2023e/expert/7879_anomaly_detection_on_client_computers_01.html

Note: Monitoring client computers does not cause additional CPU load on the CommServe computer or on the client computers.

Thank you,
Collin.

thanks Collin