[guide] v12.1 Beta: How to Install PostgreSQL 15.4 & VBR 12.1 & EM + Malware Detect Extension to Monitor


Userlevel 7
Badge +7

 

Hello everyone,

I want to share the tests performed on Beta 12.1.0.1944. From the installation of the PostgreSQL Database to VBR12.1, with a focus on the new Security & Compliance features introduced in this release. This version is particularly interesting for the introduction of new features dedicated to the security of the backup infrastructure and the related data protection.

Planning and Preparation - User Guide for VMware vSphere (veeam.com)

 

Prepare the virtual machine with requirements according to the needs of your infrastructure.

  • Vmware Side:

NEVER use a vmdk disk as a backup repository in production.

Add new Disk ( vmdk for only test) for dedicate d repository NVMe Controller.

VMware NVMe Concepts

  • Format disk REFS 64k
  • Check System requirements

System Requirements - User Guide for VMware vSphere (veeam.com)

  • Install from your template golden Image Windows
  • Install Vmware Tools & Windows CU  last version

Install & configure PostgreSQL

  • Check this link if you need switch from MSQL Express to PostgreSQL

Switch from SQL Server to PostgreSQL for Veeam

  • In my case the first installation of PostgresQL 15.4 failed with this error launching executable with Runa As Administrator

TIP: Istall PostgraSQL only in NTFS filesystem

  • The PostgreSQL setup does not successfully complete the Database installation I encountered a bug, I will highlight later how to fix it.

During installation this error is proposed:

  • The database was not created
  • Uninstall PostgeSQL 15

Press OK

After uninstall completed reboot server

  • Workaround install PostgreSQL 15.4
net user /add postgres m+HYy:Lt6=2rXh

net localgroup administrators postgres /add

net localgroup "power users" postgres /add

runas /user:postgres cmd.exe

Post installation remove usre from Local Administrator

  • Run the install file from within the command window.
  • Run the installation file from the CMD Run AS postgres user
  • Create New Folder il C:\PostgreSQL

The default Installation path in “C:\program Files” the wizard set up lack of permission in the installation process

Add the group and user in the folder security

  • Relaunch the PostgreSQL installation from the DOS window with Run As Postgre user launched earlier and recompile wizard.
  • Post Install

Remove postgres user for Local Administrator

  • Verify the Installation PostgreSQL
  • Check DB connection
    • Server Enter
    • Database Enter
    • Port Enter
  • Create a PostgreSQL account preparatory to vbr server installation.

Account PostgreSQL

vbr

m+s_41peW2!*=2rXh!

Install VBR 12.1.1944

  • Check creration Veeam DB

Install EM

  • Launch VBR console & check new VEEAM AI (i love It)

Through the new "Veeam AI" feature it is possible to query the chatbot to obtain information regarding the assessment and other information relating to the safety and configuration of the product

  • Malware Detection

 

 

  • @Rick Vanover  @Mildur after inserting the extension files and saving, I reopened extension monitor but it returns this error
  • A list of suspicious or trusted file extensions can be additions

  exe     file icon  exe    Program executable
  dll     file icon  dll    Dynamic Link Library
  lnk    Windows Shortcut
  swf     file icon  swf    ShockWave Flash, Animated vector format for the Internet
  sys    System file
  jar     file icon  jar    Compressed archive file package for Java classes and data
  scr     file icon  scr    MS Windows screensaver
  gzquar    BitDefender quarantined data file
  js     file icon  js    JavaScript source code script
  com     file icon  com    Command executable
  zix     file icon  zix    WinZix compressed archive
  bat     file icon  bat    Batch file (executable)
  ocx     file icon  ocx    ActiveX Control
  vbs     file icon  vbs    Visual Basic script
  bin    Binary executable
  class file icon  class    Java bytecode class
  ws     file icon  ws    Microsoft Windows script
  drv     file icon  drv    Microsoft Windows device driver
  ozd    Win32.TrojanDownloader.Agent.OZD trojan
  shs     file icon  shs    Microsoft Windows Shell Scrap Object
  wmf     file icon  wmf    Windows Metafile Format
  aru    Autorun.aru malicious data
  dev     file icon  dev    Windows device driver
  chm     file icon  chm    Microsoft compiled HTML help module
  pgm     file icon  pgm    Portable graymap file format
  xnxx    Spyware file
  pif     file icon  pif    Microsoft Windows program information
  vxd     file icon  vxd    Microsoft Windows virtual device driver
  dxz    Trojan backdoor virus data
  xlm     file icon  xlm    Microsoft Excel macro
  tps    Scam torrent file
  vbe     file icon  vbe    Visual Basic encoded script
  scr    Script
  pcx     file icon  pcx    Paintbrush bitmap image
  sop    Malware word.sop data
  vba     file icon  vba    Visual Basic VBA module
  0_full_0_tgod_signed    CrossFire_OBV4.8.3.0_Full_0_tgod_signed.exe
  boo    Microsoft Booasm.arc encoded file archive
  386     file icon  386    Windows virtual device driver
  hlp     file icon  hlp    Help file
  vb     file icon  vb    Microsoft Visual Studio Visual Basic script
  tsa    jnana.tsa malware
  bkd    Book Library Local Dos exploit data
  exe1    Renamed executable
  vbx     file icon  vbx    Microsoft Visual Basic Extension
  exe_renamed    Renamed EXE file
  lik    Trojan.Win32.Agent.lik data
  .9    YoutubeAdBlocke data
  rhk    Backdoor.Win32.Rbot.rhk data
  xir    BackDoor.Generic9.XIR trojan data
  osa    W32/Sober-AD data
  cih    Chernobyl virus data
  dyz    Backdoor.Win32.ProRat.dyz trojan file
  mjz    Trojan.Win32.Agent.mjz data
  hlw    win32/AMalum.EDHZ data
  bxz    itaup.bxz malware data
  cla     file icon  cla    Java class data
  dlb    Troj/Dloadr-AHT data
  wsc     file icon  wsc    Microsoft Windows scripting component
  mjg    Trojan data
  dom    DomPlayer malicious data
  spam    Spam e-mail message
  cxq    SillyDl.CXQ downloading trojan data
  s7p    SubSeven malware
  mfu    Backdoor.Win32.Agent.mfu data
  dyv    WORM_AUTORUN.DYV worm data
  kcd    rshiphop.kcd malware
  wsh     file icon  wsh    Microsoft Windows Scripting Host data
  bup    McAfee quarantined data
  rsc_tmp    Temporary data
  mcq    McAfee quarantined data
  upa    Fake download
  dli    Win32.Sober.AD@mm file
  txs    Beast Trojan data
  bhx    BinHex compressed file ASCII archive
  fnr    Trojan-Dropper.Win32.Flystud.lc. data
  xlv     file icon  xlv    Microsoft Excel VBA module
  xdu    Backdoor.Win32.PcClient.xdu data
  wlpginstall    Possible Malware data
  ska    Happy99 virus data
  dllx    Backdoor.Bot data
  vexe    Infected executable
  tti    Beast Trojan data
  cfxxe    Possibly Malware file
  smtmp    Trojan:Win32/FakeSysdef folder
  xtbl    deshifrovka01@gmail.com data
  fag    Win32.AutoRun.fag
  qrn    Quarantine data
  ceo    Winewar worm data
  oar    HSQLDB database
  uzy    Backdoor.Sokacaps data
  dbd    DemoShield project
  tko    Win32/Oficla malware data
  bll    VBS/European-A worm file
  plc    Lotus add-in functions macros applications
  smm    Ami Pro macro
  ssy    W32/Sober-AD file
  zvz    Malware data
  blf    Beast Trojan data
  cc    Trojan Spymaster.A text document
  ce0    Winewar worm data
  iws    Trojan-Downloader.JS.Agent data
  lkh    Worm.Generic.LKH virus data
  nls    Troj/Agent-GIS data
  crypt1    UltraCrypter ransomware encrypted file
  hsq    Qaz Trojan data
  vzr    Sinowal.vzr malware data
  ctbl    Malware encrypted data
  ezt    Worm.Win32.AutoRun.ezt data
   atm     file icon  atm    Troj/ProAgent-A data
  aut    Malware AutoStartup data
  hts    Troj/DelSpy-E data
  rna    Malware data
  let    Nuke Randomic Life Generator data
  aepl    Trojan data
  fuj    Worm.Win32.AutoRun.fuj virus data
  buk    Malicious data
  capxml    Capella XML document
  delf    Malicious or virus data
  fjl    Rootkit.Win32.Agent.fjl virus data
  bmw    W32/Liji-A virus data
  bps    AdwareBlaster data
  cyw    Rbot.CYW worm data
  iva    Dementia.4207 virus data
  pid    W32/Yayin-A worm data
  lpaq5    LPAQ5 compressed archive
  dx    Win32/Alureon data
  qit    Backdoor.QIT trojan horse data
  xnt    W32/Sober-AD data
  lok    W32/Rbot-WE log file
  bqf    Backdoor.Win32.Ciadoor.bqf trojan
  pr    W32/Brontok-DP worm file
  bxz    Balabolka text document (compressed)

Microsoft Word
winword.exe
rtf
doc
dot
docm
docx
dotx
dotm
docb

WordPad
wordpad.exe
docx
rtf

Microsoft Excel
excel.exe
xls
xlt
xlm
xlsx
xlsm
xltx
xltm
xlsb
xla
xlam
xll
xlw

 

Microsoft PowerPoint

powerpnt.exe
ppt
pot
pps
pptx
pptm
potx
potm
ppam
ppsx
ppsm
sldx
sldm

Adobe Acrobat
acrord32.exe
pdf

Foxit PDF Reader
FoxitReader.exe

STDU Viewer
STDUViewerApp.exe

Microsoft Edge
MicrosoftEdge.exe

Google Chrome
chrome.exe

Mozilla Firefox
firefox.exe

Yandex Browser
browser.exe

Tor Browser
tor.exe

Sciprts

BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS.

CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.

VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.

VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.

JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.

JSE – An encrypted JavaScript file.

WS, .WSF – A Windows Script file.

WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with with Windows Script files.

PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.

MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.
 

enjoy

;)

Check Security & Compliance

[GUIDE] VBR 12. 1 How to pass all Security & Compliance Part 01 | Veeam Community Resource Hub

[GUIDE] VBR 12. 1 How to pass all Security & Compliance Part 02 | Veeam Community Resource Hub

Check Set Hardening script & Report.

@damien commenge

https://community.veeam.com/script-library-67/check-and-set-hardening-on-vbr-server-6021?tid=6021&postid=49894#post49894

Edit: 10/12/2023

 

I attach xml file to import suspicious files & trusted files

Import-Malware-Sospicious-file-extension-And-Trusted-files.xml


19 comments

Userlevel 7
Badge +20

Very detailed guide and steps. 👍

Userlevel 7
Badge +10

Hey @Link State  → That file extension engine isn’t fully operational in the beta, meaning, it will load once. Subsequent manipulations will not work as expected, this has been fixed in subsequent builds. cc @Mildur 

Userlevel 7
Badge +11

Nice post! Im using here VBR 12.1 in postgre too.

Userlevel 7
Badge +9

This is awesome @Link State I am actually working on similar guides but yours cover two of it. It will NEVER be too much :-)

Userlevel 7
Badge +8

Very good detail. Great write up!

Userlevel 7
Badge +7

updated 3d with the link to @damien commenge  hardening script

Userlevel 7
Badge +7

update

I attach xml file to import sospicious files over 4k extensions & trusted files

Import-Malware-Sospicious-file-extension-And-Trusted-files.xml

Regards

Userlevel 7
Badge +17

Nice detailed write-up @Link State !

Userlevel 7
Badge +7

thank you @coolsport00 

Userlevel 7
Badge +7

Hi all, update:  I have updated the xml file, removing the trusted files with extensions *.docx *.xlsx with version 12.1.1.56 as they cannot be loaded from the import error. 😀

 

 

Userlevel 7
Badge +20

Thanks for the update @Link State as I tried to load the XML but did get an error.  Will try this one and see.  👍🏼

Userlevel 7
Badge +7

Thanks for the update @Link State as I tried to load the XML but did get an error.  Will try this one and see.  👍🏼

I have just tried version 12.1.1.56
Removing as I told you the trusted file extension
let me know.

Userlevel 7
Badge +17

So, you all do enable Guest Indexing in your jobs? Hmm…

Just for the malware detection...may be worth attempting to do so again. 

Userlevel 7
Badge +20

Thanks for the update @Link State as I tried to load the XML but did get an error.  Will try this one and see.  👍🏼

I have just tried version 12.1.1.56
Removing as I told you the trusted file extension
let me know.

Very cool that one imported.  Thanks for sharing it.  

Userlevel 7
Badge +7

So, you all do enable Guest Indexing in your jobs? Hmm…

Just for the malware detection...may be worth attempting to do so again. 

I personally never enable Guest Indexing.
I do not use "1-click restore in Veeam Backup Enterprise Manager".

Userlevel 7
Badge +7

Thanks for the update @Link State as I tried to load the XML but did get an error.  Will try this one and see.  👍🏼

I have just tried version 12.1.1.56
Removing as I told you the trusted file extension
let me know.

Very cool that one imported.  Thanks for sharing it.  

 

\o/ 😎

Userlevel 7
Badge +17

 

So, you all do enable Guest Indexing in your jobs? Hmm…

Just for the malware detection...may be worth attempting to do so again. 

I personally never enable Guest Indexing.
I do not use "1-click restore in Veeam Backup Enterprise Manager".

Same. I’ve just never had a use for it myself either. Also, if you, like me, don’t enable this...not sure why you add this file exclusion info...according to the Guide, this area of Malware Detection won’t work as it requires Guest Indexing to be enabled in the jobs. Or, am I missing something?…. 🤔

Userlevel 7
Badge +7

 

 

So, you all do enable Guest Indexing in your jobs? Hmm…

Just for the malware detection...may be worth attempting to do so again. 

I personally never enable Guest Indexing.
I do not use "1-click restore in Veeam Backup Enterprise Manager".

Same. I’ve just never had a use for it myself either. Also, if you, like me, don’t enable this...not sure why you add this file exclusion info...according to the Guide, this area of Malware Detection won’t work as it requires Guest Indexing to be enabled in the jobs. Or, am I missing something?…. 🤔

Yes, it is true, it is also written in the description.

I did it to share it with the community someone certainly uses it and I brought it along in case I needed it. 😁

Userlevel 7
Badge +17

I did it to share it with the community someone certainly uses it and I brought it along in case I needed it.” ← Ah, ok. No...it’s a *very* good share @Link State . I was just making sure I read the Guide correctly to understand how Malware Detection works. 😊 Thank you.

Comment