vStor 4.11
Catalogic SoftwareKnowledge BaseMySupport
  • Welcome to vStor!
  • Introduction
  • Installation
    • Deploying Catalogic vStor on Physical Appliances
    • Deploying Catalogic vStor Virtual Appliance for VMware
    • Deploying Catalogic vStor Virtual Appliance for Microsoft Hyper-V
    • Required Ports for Catalogic vStor
    • Updating Catalogic vStor
  • Quick Start
    • Catalogic vStor for VMware
    • Catalogic vStor for Hyper-V
  • Basic Configuration
    • Initializing vStor
    • Adding Catalogic vStor Node to Catalogic DPX
      • Using vStor API Keys with Catalogic DPX
    • Configuring vStor System Settings
      • Basic System Configuration
      • Security and Network
      • Data Management and Optimization
      • System Monitoring and Maintenance
    • Configuring Network Settings of Catalogic vStor
    • Backing up Configuration Settings of Catalogic vStor
    • Restoring Configuration Settings of Catalogic vStor
  • Storage Management
    • Adding Disks
    • Managing Storage Pools
    • Managing Volumes
      • Migrating Volumes
      • Creating Volume Snapshots
      • Using vStor Autosnapshot
    • ZFS Compression and Deduplication
    • Managing Shares
    • Managing Hosts for LUN Volumes
    • Using vStor Snapshot Explorer
  • Data Protection
    • Catalogic vStor Backup and Recovery
    • Creating vStor Partnerships
      • Creating Replication Groups
      • Establishing Cross-Version Partnerships
    • Enabling Volume Encryption
    • Immutability in vStor
    • Using GuardMode Scan
  • Advanced Configuration
    • Using Multipath Storage
    • Managing Certificates
    • Adding Encryption URLs
    • Managing MinIO Buckets
    • Assigning an E-mail to a vStor Account
    • Managing vStor User Accounts
    • Using Multi-factor Authentication (MFA)
  • vStor Command Line Interface
    • Catalogic vStor Server CLI Overview
  • Best Practices
    • Hardware Configurations: Best Practices
    • Data Backup: Best Practices
    • Data Archiving: Best Practices
    • Backup Storage: Best Practices
    • Frequently Asked Questions: Best Practices
Powered by GitBook
On this page
  • Initiating a GuardMode Scan
  • Understanding Scan Results
  • Interpreting and Acting on Scan Results
  1. Data Protection

Using GuardMode Scan

PreviousImmutability in vStorNextUsing Multipath Storage

Last updated 9 months ago

GuardMode Scan is a powerful feature that allows you to scan mounted filesystems for potential ransomware infections or data encryption. This tool is particularly useful when you want to ensure the integrity of your data before restoring it to production environments.

Initiating a GuardMode Scan

To begin a GuardMode scan on a mounted filesystem:

  1. In the volume view of your mounted filesystem, click on the GuardMode Scan tab.

  2. Click the Scan with GuardMode button to start the scan.

Now, the table will display detected suspicious files in real-time.

Tip. Always scan mounted snapshots before restoring data to production environments. This best practice helps prevent the introduction of compromised data into your systems.

Understanding Scan Results

The scan results table provides comprehensive information about potentially compromised files. It consists of four columns:

  1. Suspicious File: Lists the path and name of files flagged during the scan.

  2. Entropy Result: Indicates the level of randomness in the file's content, which can be a sign of encryption.

  3. Magic Number Result: Shows whether the file's signature matches its expected file type.

  4. Matched Blocklist Pattern: Displays any blocklist patterns that the file matched against.

Tip. Files with high entropy, mismatched magic numbers, or those matching blocklist patterns are more likely to be compromised. Regularly update your GuardMode blocklist to stay protected against the latest threats.

Interpreting and Acting on Scan Results

If GuardMode Scan detects suspicious files in a snapshot:

  1. Review the scan results carefully.

  2. Understand that a compromised snapshot can indicate an infected system at the time the snapshot was taken.

  3. Do not restore from this snapshot. Instead, navigate to earlier snapshots and scan them with GuardMode.

  4. Continue this process until you find a clean snapshot without any suspicious files.

  5. Use the earliest clean snapshot for your restoration to ensure you're reverting to a state before the infection occurred.