Skip to main content
commvault.com commvault.com
Solved

Question about honeypot files

Ken_H
Byte
Forum|alt.badge.img+15

Hello everyone,

I have an alert from CommVault that says:

  • Description: A suspicious file [D:\ArielDB\Customers\APS\Ariel\Sets\Prd\Temp\hwot5ftk.afd] is detected on the machine [SRV-PRDP101]. Please alert your administrator.

I read in https://documentation.commvault.com/commvault/v11_sp20/article?p=7879_1.htm that “A Honeypot file placed by Commvault mimics this user document and baits ransomware into encrypting this file.” 

This server is a virtual machine that acts as a file server for our production system and has the “restore only” client installed.  Because it is the restore only client, I believe that there’s no way for CommVault to place a honeypot file there to check for malware encryption.  Is this correct?  Is there a way to check the honeypot file(s) placed on a server by CommVault?

Ken

Best answer by Urosa

Good Afternoon,

Per our documentation, if the Restore only agent is installed.

https://documentation.commvault.com/commvault/v11_sp20/article?p=7877_1.htm

Ransomware Protection

Protecting your data from Ransomware attacks is critically important. Commvault proactively monitors the client computer for any unexpected activity and alert the user with the type of activity.

In addition, you can secure the mount path from being accessed by external processes thereby protecting the backed up data. Commvault provides different methods to protect your data.

Storing Data in Offline Storage

We recommend that you store a copy of data in a secondary storage like Hyperscale appliance, tape or on cloud storage. These media can help in storing data in ransomware protection mode, which is not easily accessible to Ransomware attacks .

Support

  • You cannot configure Ransomware protection using the Command Center. However, you can view the File Activity Anomaly Report using the Command Center or you can also use the Enable Ransomware Protection app to monitor and turn on ransomware protection features in the CommCell Console. To download the app on the Commvault Store, see Enable Ransomware Protection.
  • You must have the File System Core Package installed on your client computer to use this feature.
  • You can configure Ransomware protection for restore-only clients in your CommCell environment. A restore-only client is a computer where you install an agent in restore-only mode if you want to use the client only as a destination to restore backup data.
View original
Did this answer your question?

2 replies

U
Vaulter
Forum|alt.badge.img+3
  • UrosaVaulter
  • Vaulter
  • 20 replies
  • Answer
  • August 9, 2022

Good Afternoon,

Per our documentation, if the Restore only agent is installed.

https://documentation.commvault.com/commvault/v11_sp20/article?p=7877_1.htm

Ransomware Protection

Protecting your data from Ransomware attacks is critically important. Commvault proactively monitors the client computer for any unexpected activity and alert the user with the type of activity.

In addition, you can secure the mount path from being accessed by external processes thereby protecting the backed up data. Commvault provides different methods to protect your data.

Storing Data in Offline Storage

We recommend that you store a copy of data in a secondary storage like Hyperscale appliance, tape or on cloud storage. These media can help in storing data in ransomware protection mode, which is not easily accessible to Ransomware attacks .

Support

  • You cannot configure Ransomware protection using the Command Center. However, you can view the File Activity Anomaly Report using the Command Center or you can also use the Enable Ransomware Protection app to monitor and turn on ransomware protection features in the CommCell Console. To download the app on the Commvault Store, see Enable Ransomware Protection.
  • You must have the File System Core Package installed on your client computer to use this feature.
  • You can configure Ransomware protection for restore-only clients in your CommCell environment. A restore-only client is a computer where you install an agent in restore-only mode if you want to use the client only as a destination to restore backup data.
Scott Moseman
1 person likes this
  • Scott Moseman
    Scott Moseman
Ken_H
Byte
Forum|alt.badge.img+15
  • Ken_H
  • Author
  • Byte
  • 219 replies
  • August 9, 2022

Excellent, thank you.

Ken

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings