Overview
Whenever you trigger a restore with the Restore Scan option enabled, a scan job is initiated. You can monitor and manage all the scan jobs from the Scan Jobs page in Ransomware Recovery.
❗ Important
Restore scan is not supported for files beyond 1 GB in size.
A Last Updated at timestamp is displayed beside the page heading to help you understand when the details of the page were last updated.
For Endpoints, File Server, NAS, Azure Virtual Machines, and AWS Workloads-EC2 and EBS Volumes: Only after the scan job is complete, restore activity starts, clean files are restored, and all the malicious files are blocked.
For VMware Virtual Machines: The file scan job is initiated after the restore job is complete. You must have a valid Accelerated Ransomware Recovery license enabled to use this feature.
You can view a summary of the scan job from the Scan Jobs page.
You can cancel an ongoing job if you initiated the scan by mistake or no longer need to scan the data for malicious files.
❗ Important
For Restore Scan, jobs are retained for 180 days.
Scan Jobs tab
The Scan Jobs tab provides an overview of all the Restore Scan jobs initiated for all the configured resources- Endpoints, File Backupsets (File Server and NAS), Azure VM, VMware Virtual Machines, and AWS Workloads - EC2 and EBS Volume.
The following table provides information about the different sections within the Scan Jobs tab.
Fields | Description |
Summary section |
|
Total File Scan Jobs | The total number of file scan jobs for all the configured resources- Endpoints, File Backupsets (File Server and NAS), Azure VM, VMware Virtual Machines, and AWS Workloads - EC2 and EBS Volume.
Alternatively, you can also use the APIs to view these details. For more information, see Developer Portal. |
Resource Types job count - Endpoints, FileBackupsets (File Server and NAS),Azure VM, VMware Virtual machines, and AWS Workloads | The file scan job count for specific configured resources Endpoints, File Backupsets (File Server and NAS), Azure VM, VMware Virtual machines or AWS Workloads- EC2 and EBS Volume. Click on the count to view all the file scan jobs for a specific resource in the Job Details listing section. |
You can use the filter icon to filter and view the scan jobs per your requirements. You can filter the scan jobs list based on the Resource Type, Scan Status, and Start time criteria.
Click the Job ID to view the following job details:
Fields | Description |
Job Details section |
|
Scan Job ID | The unique ID of the scan job. |
Job Type | Denoting that the job was Restore Scan. |
Start Time | The time when the scan was initiated. |
End Time | The time when the scan finished. If the job ended prematurely due to cancelation, or due to failure, this field displays that timestamp. |
Product Job ID | The ID of the restore job. Click to view the details on the product UI. |
Resource Name | The name of the data source. |
vCenter/ESXi Host | The details of the host virtual machine. This field is only displayed when the resource type is a Sandbox virtual machine. |
Resource Type | The type of data source. Example: File Server, EC2 and EBS for AWS Workloads, Azure VM, VMware Virtual Machines. |
User Name | The name of the user to whom the endpoint belongs. This field is only displayed when the resource type is an endpoint. |
Organization | The name of the organization to which the server belongs. This field is only displayed when the resource type is a server. |
Status | The current status of the job. It can be any of the following:
|
Created By | The name of the administrator or inSync Client user who initiated the restore. |
Scan Type | The type of scan- Deep or Quick. |
Maximum File Size to Scan | The maximum file size allowed for scan. For Quick Scan it is 100 MB. |
Resource Name | The name of the resource for scan. |
Resource Type | The type of resource which can be EC2 or EBS Volume, Azure VM, VMware virtual machines, server, Endpoints. |
Sandbox Recovered VM name | The details of the restored Sandbox virtual machine. This field is only displayed when the resource type is a Sandbox virtual machine. |
Files to exclude from scanning | The list of files that will be excluded from scan. |
Scan Files | Details of the files scanned- modified and created frequency. |
Scan Details section: This content is applicable for Endpoints, File Server,NAS, Azure VM, AWS Workloads - EC2 and EBS Volume resources. |
|
Files Selected For Restore | The total number of files that the administrator or an inSync Client user selected for this restore job. |
Files Scanned | The total number of files scanned for this restore job. |
Files Scan Skipped | The number of files that were skipped during the scan. There can be various reasons for this such as file being deleted midway through the scan, file corrupted, file path not accessible, and so on. |
File Matched | The number of malicious files. Click the number to view the details of the malicious files and also download a CSV containing the file names and SHA1 value of each file. Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files. The File Report contains the following details:
❗ Important The Download File Report option is enabled when Druva encounters and displays a count of blocked files. |
Volume Skipped | Count of volumes that were skipped from scan. |
| The number of malicious files. Click the number to view the details of the malicious files and also download a CSV containing the file names and SHA1 value of each file. Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files. The File Report contains the following details:
❗ Important The Download File Report option is enabled when Druva encounters and displays a count of blocked files. |
File Hash IOC Set Used | Detailed list of all the File Hash IOC Sets used for malicious data scan- Custom IOC Set and/or Druva-published IOC Set. |
Scan Details section: This content applies to Sandbox virtual machines. |
|
Files Scan Skipped | The number of files that were skipped during the scan. There can be various reasons for this such as a file being deleted midway through the scan, a file corrupted, a file path not accessible, and so on. |
Files Scanned | The total number of files scanned for this restore job. |
Malicious Files Found | The number of malicious files. Click the number to view the details of the malicious files and also download a CSV containing the file names and SHA1 value of each file. Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files. ❗ Important The Download File Report option is enabled when malicious files are identified and a count of malicious files is displayed. |
Files Deleted | The number of malicious files deleted. This is displayed only if the Delete Malicious Files checkbox is selected and malicious are detected during scan. |
Action
Use the Download File Report option to download and view the details of malicious files. The report is a zip CSV file that contains cumulative file details of malicious and skipped files.
❗ Important
The Download File Report option is enabled when malicious files are identified and a count of malicious files is displayed.
The File Report contains the following details:
File Path: Location of the file.
MTime: Date and time when the file was last modified/updated
Size: The size of the scanned file
SHA1 Hash: The SHA1 hash value of the scanned file
Hash Match against: The Hash Value used for mapping the scanned file.
Virus Name: The name of the virus identified in the scanned file
Reason To Skip from Scan: Details of why a specific file was skipped from scan