
Veeam Inline Entropy Analysis is a feature used to detect ransomware attacks. This feature analyzes the entropy of the data stream during backup. Files encrypted by ransomware typically increase in entropy. By detecting this increase, Veeam Inline Entropy Analysis can stop a ransomware attack before it happens.

Benefits:

  • Rapid Detection: Ransomware attacks typically occur very quickly. Veeam Inline Entropy Analysis can prevent data loss and system outages by detecting these attacks before they happen.
  • Improved Accuracy: Traditional ransomware detection methods can cause false alarms. Veeam Inline Entropy Analysis aims to minimize the number of false alarms using entropy analysis.


How does it work:

Veeam Inline Entropy Analysis analyzes the entropy of the data stream during backup. Files encrypted by ransomware typically increase in entropy. By detecting this increase, Veeam Inline Entropy Analysis can stop a ransomware attack before it happens.

What types of VMs (or systems) can be scanned with Veeam Inline Entropy Analysis?

  • VMware VMs, including VMware Cloud Director VMs
  • Hyper-V VMs
  • Machines with Veeam Agent for Microsoft Windows running in managed mode on your Veeam server
  • Machines backed up to tape devices

 

Veeam Inline Entropy Analysis can be used in a variety of use cases, including:

  • Backup of physical and virtual servers
  • Backup of applications and databases
  • Backup of Microsoft Office 365 and SharePoint

Scanning Process:

Veeam Inline Entropy Analysis scans the data stream during backup. The scanning process occurs in the background and does not significantly impact backup performance.

Veeam Inline Entropy Analysis has an architecture consisting of the following components:

  • Data Stream Analyzer: Analyzes the entropy of the data stream.
  • Threshold Controller: Triggers an alarm when entropy exceeds the threshold value.
  • Quarantine Manager: Quarantines suspicious files.

Veeam Inline Entropy Analysis can detect various types of viruses and ransomware, including:

  • CryptoLocker
  • TeslaCrypt
  • WannaCry
  • Petya
  • Ryuk

Veeam Inline Entropy Analysis has the following limitations:

  • It only scans during backup.
  • It does not scan compressed files.

You can follow the steps below to activate it:

In the Veeam interface, open Malware Detection > General.
Then select the Enable inline entropy analysis option.

(Note: If you have a low-risk environment, you can use the Normal or Extreme option. If you use a high level of encryption, you can use the Low option.)
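
To make the "How does it work" description concrete, here is an added example (not Veeam's code and not part of the original post) of per-block entropy analysis with a threshold check. The block size, threshold and sample data are assumptions chosen for illustration.

```python
import math
import random
import zlib
from collections import Counter

BLOCK_SIZE = 4096  # assumed analysis block size, not a Veeam value
THRESHOLD = 7.5    # assumed alarm threshold in bits per byte, not a Veeam value


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def flagged_offsets(stream: bytes, block_size: int = BLOCK_SIZE,
                    threshold: float = THRESHOLD) -> list:
    """Offsets of full blocks whose entropy exceeds the threshold.

    A short trailing block is skipped: its entropy is capped by its length,
    so it cannot be compared against the same threshold.
    """
    last_start = len(stream) - block_size
    return [off for off in range(0, last_start + 1, block_size)
            if shannon_entropy(stream[off:off + block_size]) > threshold]


# Constructed sample data, not real backup content.
rng = random.Random(1)
plain = "".join(
    f"{i:06d} user={rng.getrandbits(32):08x} action=login status=ok\n"
    for i in range(2000)
).encode()[:16 * BLOCK_SIZE]
# Random bytes stand in for ciphertext, which is statistically similar.
encrypted = bytes(rng.getrandbits(8) for _ in range(len(plain)))
# Second half of the stream overwritten with "ciphertext".
mixed = plain[:8 * BLOCK_SIZE] + encrypted[:8 * BLOCK_SIZE]
compressed = zlib.compress(plain, 9)

if __name__ == "__main__":
    for name, data in [("plain", plain), ("encrypted", encrypted),
                       ("mixed", mixed), ("compressed", compressed)]:
        print(f"{name:10s} entropy={shannon_entropy(data):.2f} bits/byte, "
              f"flagged blocks={len(flagged_offsets(data))}")
    # Legitimately compressed data also scores far above plain text, which is
    # one source of false alarms for any entropy threshold.
```

In the mixed stream only the blocks in the overwritten half are flagged, which is the entropy increase the post describes.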

 

This is such a great addition to Veeam for protection.  Just might need to do another book before the next release of Veeam that focuses on all things Ransomware and the great additions to 12.1.x.  😎


Nice overview Tarik. Myself and another did posts on this feature as well!

@Chris.Childerhose - you are a book-writing machine! 😂

Thanks for sharing Tarik!


I figured might as well start planning one since who knows when v13 or whatever it will be called is coming out.  Seems the 12.1.x is the path currently.


Favor favors the prepared 😉


Thanks Shane :)

