Active IQ Unified Manager 9.11 has this flagged on one of our svms. | NetApp | Page 1

vague condor Feb 1, 2023, 6:56 PM

#

Event: Storage VM anti-ransomware monitoring is Disabled
We aren't licensed for it and it just seemed a bit odd. Its flagged on the destination svm in an svm dr setup, but not on the actual primary svm. At least as far as i'm aware its not possible to actually enable this without paying for it, and i'm not sure why it would flag it on a destination svm and not the primary.

crimson elbow Feb 1, 2023, 7:55 PM

#

"Anti-ransomware is not supported for offline volumes, restricted volumes, SnapLock volumes, FlexGroup volumes, FlexCache volumes, SAN-only volumes, volumes of stopped storage VMs, root volumes of storage VMs, or data protection volumes."

#

https://docs.netapp.com/us-en/active-iq-unified-manager/health-checker/task_view_antiransomware_status_of_all_volumes_storage_vms.html#view-security-details-of-all-volumes-with-anti-ransomware-detection

#

Guess that's why it shows up on this SVM-DR destination SVM

feral gate Feb 1, 2023, 8:13 PM

#

If you can't enable it because it's not supported, then AIQ should just ignore it.

carmine chasm Feb 2, 2023, 1:40 AM

#

Hi Travis. This is just a supposition at this point, but since both AIQUM and AIQ Digital Advisor use the same rules, this could actually be related to enabling fpolicy for those SVMs and not so much the licensed anti ransomware features. AIQDA is lumping fpolicy under the anti ransomware card, and UM might be doing the same thing.

If that's not it, I'd recommend opening up a case for UM so we can look at the event and cluster in detail and confirm if it's a false event or not.

#Active IQ Unified Manager 9.11 has this flagged on one of our svms.