Skip to main content
Command reference

security anti-ransomware volume show

Suggest changes
PDFs

Show anti-ransomware related information of volumes

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The security anti-ransomware volume show command displays information related to Anti-ransomware on the volumes in the cluster. The following information is displayed:

  • Vserver Name: The Vserver on which the volume is located.

  • Volume Name: The volume name

  • State: The Anti-ransomware state of the volume. The possible values are disabled , enabled , dry-run , dry-run-paused , enable-paused and disable-in-progress .

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-attack ]

If this parameter is specified, ransomware attack details are displayed.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver Name

If this parameter and the -volume parameter are specified, the command displays detailed information related to Anti-ransomware about the specified volume. If this parameter is specified by itself, the command displays information related to the Anti-ransomware about all volumes on the specified Vserver.

[-volume <volume name>] - Volume Name

If this parameter and the -vserver parameter are specified, the command displays detailed information related to Anti-ransomware about the specified volume. If this parameter is specified by itself, the command displays information related to the Anti-ransomware about all volumes matching the specified name.

[-state {disabled|enabled|dry-run|paused|dry-run-paused|enable-paused|disable-in-progress}] - State

If this parameter is specified, the command displays information only about the volume or volumes that have the specified Anti-ransomware state. The possible values are disabled , enabled , dry-run , dry-run-paused , enable-paused and disable-in-progress . The possible states are:

  • disabled - Anti-ransomware is disabled on the volume.

  • enabled - Anti-ransomware is enabled on the volume.

  • dry-run - Anti-ransomware is enabled in the dry-run or evaluation mode on the volume.

  • dry-run-paused - Anti-ransomware is paused from dry-run or evaluation mode on the volume.

  • enable-paused - Anti-ransomware is paused on the volume.

  • disable-in-progress - Anti-ransomware disable work is in progress on the volume.

[-dry-run-start-time <MM/DD/YYYY HH:MM:SS>] - Dry Run Start Time

If this parameter is specified, the command displays the dry run start time of the volumes that have the state dry-run or dry-run-paused.

[-attack-probability {none|low|moderate|high}] - Attack Probability

If this parameter is specified, the command displays information only about the volumes that have the specified probability. The possible values are none ,low , moderate , and high .

  • none - No data is suspected for ransomware activity.

  • low - Small amount data is suspected for ransomware activity.

  • moderate - Moderate amount of data is suspected for ransomware activity.

  • high - Large amount data is suspected for ransomware activity.

[-attack-timeline <MM/DD/YYYY HH:MM:SS>,…​] - Attack Timeline

If this parameter is specified, the command displays information only about the volumes that have the specified attack-timeline.

[-no-of-attacks <integer>] - Number of Attacks

This provides the number of ransomware attacks observed.

[-attack-detected-by <anti_ransomware_detection_type>] - Attack Detected By

If this parameter is specified, the command displays information only about the volumes that have the specified attack detection type. The possible values are file , block .

  • file_analysis - Attack is detected by file activity analysis.

  • encryption_percentage_analysis - Attack is detected by data encryption percentage.

[-block-device-detection-status <arw_block_device_detection_status>] - Block Device Detection Status

If this parameter is specified, the command displays information only about the volumes that have the specified block device detection status. The possible values are:

  • evaluation_period - Attack detection is currently in its evaluation phase.

  • active_unsuitable_workload - Attack detection is active, but the current workload is not suitable for Anti-ransomware protection.

  • active_suitable_workload - Attack detection is active, and the current workload is appropriate for Anti-ransomware protection.

[-block-device-evaluation-start-time <MM/DD/YYYY HH:MM:SS>] - Block Device Evaluation Start-time

If this parameter is specified, the command displays information only about the volumes that have the specified evaluation start time..

Examples

The following example shows a sample output for this command:

cluster1::> security anti-ransomware volume show

Vserver    Volume       State
---------- ------------ -------
vs1        vol1         enabled