Skip to main content
  • EN

Hi there
Today, I want to share with you all a technology/partner that caught my eye at VeeamOn 2025 in San Diego, CA.

Have you ever wondered how to «enforce» or «protect» your Veeam Windows Setup, with local / presented Storage, without modifying or adding Appliances/devices to your Infrastructure?

Here is where Blocky comes into Play.


The Only Ransomware Protection That Runs on the Veeam Windows Server.

Blocky installs and runs directly on Windows-based Veeam Backup & Replication (VBR) servers—securing backup jobs at the source without requiring added hardware, Linux, or infrastructure changes.
Blocky hardens the Windows VBR against ransomware threats by transforming the ReFS and NTFS volumes into a zero-trust, Write Once Read Many (WORM) volume.
This creates robust ransomware protection for Veeam backup volumes without disrupting operations.

Another important aspect is that the learning curve is relatively easy to learn/manage.
No extra Hardware/tech needed, and no modifications (or big mods) on your existing setup.

Key Capabilities

  • WORM Shield – Ensures data protection on ReFS and NTFS volumes to prevent ransomware from altering backups
  • Zero Trust Architecture – Only explicitly authorized processes can interact with protected backup data
  • Multi-Factor Authentication (MFA) – Strengthens administrative access security with optional MFA
  • Disk Protection – Prevents physical disk tampering—adding protection beneath the file system layer
  • Real-Time Alerting – Detects and records access attempts, supporting incident response
  • Centralized Control – Enables uniform protection policies across multi-site or distributed environments

How Blocky Works

When installed, Blocky:

  • Transforms standard NTFS and ReFS volumes into hardened WORM volumes
  • Creates a zero-trust environment where only authorized Veeam processes can modify data
  • Stops all unauthorized access for write, delete, and encryption to the backup volumes
  • Provides real-time detection and alerts for unauthorized access attempts
  • Delivers disk-level protection to prevent physical tampering with storage media
  • Enables centralized policy control for unified security across multiple locations

 

I see Blocky as super useful in many different scenarios,
What quickly comes to my mind, SMBs without deep IT Skills, or no Linux Skills,
Windows fully dependent setups, and of course, companies looking to enforce their local backup volumes, as an extra layer of security.

Stay tuned, next entry, Installation and first look into the Blocky console.

Screenshot, Blocky Console initial look.

https://lfconsulting.org/blocky-for-veeam

Cheers.

Great article. This is a good tool for certain environments. unfortunately my trail is expired, but like to play with it. 

 

So...basically a software-based immutability tool from a guest OS perspective? Nice! I was at VON and didn’t hear about this tool. Thanks for sharing Luis.

 

I remember looking at them some time ago as they are an added layer for Veeam and Windows storage.  Great article Luis looking forward to seeing this one in action. Never got to test it myself.

Great article, lots of knowledge. 

Great Article Luis.
Here in Germany is Blocky (from GRAU Data, also a german company) a solution which is in use at some customer installations, imo mostly because it’s easy and “cheap”. And it was there, long before a Veeam HR.
Personally i’m not a friend of this, imho a Veeam Hardened Repository (based on any Linux distribution or the Veeam VHR ISO) is the better solution and cost-free. 
But some customers are not Linux friends, so it’s an option… And Veeam is all about options 😀

Great Article Luis.
Here in Germany is Blocky (from GRAU Data, also a german company) a solution which is in use at some customer installations, imo mostly because it’s easy and “cheap”. And it was there, long before a Veeam HR.
Personally i’m not a friend of this, imho a Veeam Hardened Repository (based on any Linux distribution or the Veeam VHR ISO) is the better solution and cost-free. 
But some customers are not Linux friends, so it’s an option… And Veeam is all about options 😀

Hi!

As you said, is all about options.
There are companies without Linux expertise, or without the freedom to setup hardware….
IF you already relay on Windows Repos and Veeam, is a great way to add an extra layer of security.

Caught my eye your sentense of the VHR, is free, yes, but…. Support? if something goes wrong?
hours of patching from time to time?, experience? available HW?, mantenace?

Its complicated, depending on the companies needs and situtation.

But I also like and quote your sentece, “Veeam is all about options”.

Cheers! 

Same ​@Dynamic ...I prefer Linux-based immutability and adding nothing additional to VBR. I assume this doesn’t go on the VBR server itself though, but rather the Windows-based Veeam Repo. But, I can understand it being used for those who are afraid of Linux 😊

I listened to their bit at VeeamON as well but I was having a hard time understanding why this would be better than using a VHR.  That said, it also would require Windows licensing which the VHR bypasses.  Furthermore, I’m not familiar with if/how Blocky hardens the OS - I had a client that was running a VBR deployment on a physical server running Windows Server 2022 and the OS was breached - I’m assuming Blocky protects against this but haven’t dug into the technical details of how.

In the end, it looks like a cool product that would be great for those with no Linux skills, but for me personally, it’s a pass because the VHR offers me more advantages at this time.

I have to agree with everyone else here that while this is interesting, there’s really not much reason to try hardening a windows block repository when the Linux Hardened Repository is getting so easy to deploy.

It would be interesting to see exactly how it locks things down though. Perhaps it could be useful for other applications.

I have to agree with everyone else here that while this is interesting, there’s really not much reason to try hardening a windows block repository when the Linux Hardened Repository is getting so easy to deploy.

It would be interesting to see exactly how it locks things down though. Perhaps it could be useful for other applications.

I get your point, but despite that, there are environments where a Windows-only deployment is favoured. This is often due to factors like tight integration with Active Directory, reliance on Windows-based management tools, or specific compliance requirements that mandate a Windows platform.

Great Article Luis.
Here in Germany is Blocky (from GRAU Data, also a german company) a solution which is in use at some customer installations, imo mostly because it’s easy and “cheap”. And it was there, long before a Veeam HR.
Personally i’m not a friend of this, imho a Veeam Hardened Repository (based on any Linux distribution or the Veeam VHR ISO) is the better solution and cost-free. 
But some customers are not Linux friends, so it’s an option… And Veeam is all about options 😀

Exactly my point! Microsoft already provides a full set of tools to administer Windows, yet many still opt for third-party (3rd) solutions. It’s the same with Veeam customers choosing alternatives over native options such as VHR.

As you have rightly mentioned, “Veeam is all about options”.’ I completely agree, since Veeam aim to deliver data protection that integrates seamlessly into any environment, giving customers the flexibility to choose what best fits their infrastructure!!!

Comment


Terms & Conditions