Updated AV Exclusions for Veeam backup and Replication


Userlevel 7
Badge +8

This KB came out years ago and was updated in January.  Just a reminder to check all of your Veeam infrastructure, SQL hosts, and guest OS’s that have application aware and indexing enabled.  I found a few servers that have been created in the last few years missing a few.

 

I don’t know if I’ll see much a performance increase, but it can’t hurt 😀

 

Antivirus Exclusions for Veeam Backup & Replication

KB ID:

1999

Product:

Veeam Backup & Replication | 11 | 12 | 12.1
Veeam Cloud Connect | 11 | 12

Published:

2015-02-03

Last Modified:

2024-01-02

Purpose

This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Backup & Replication. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software.

Note: Antivirus will not always cause Veeam Backup & Replication functions to fail; antivirus software may also negatively impact performance. Given the complex nature of antivirus software, it may be necessary to add additional exclusions. Users are encouraged to review their antivirus logs or history to determine if more objects need to be excluded.

  • Although these exclusions are primarily intended for antivirus software, they may also need to be applied to other security software. This includes any software that performs file scanning or access control, as these could potentially block or interfere with Veeam-related processes.

Antivirus Exclusions

On the Veeam Backup Server:

  • C:\Program Files\Veeam\
  • C:\Program Files (x86)\Veeam\
  • C:\Program Files\Common Files\Veeam\
  • C:\Program Files (x86)\Common Files\Veeam\
  • VBRCatalog Path

    This path can be found in the registry under the value named CatalogPath in the key HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\
  • NFS Path

    This path can be found in the registry under the value named RootFolder in the key HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS\
  • C:\VeeamFLR\
  • C:\Windows\Veeam\
  • C:\ProgramData\Veeam\
    This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match.
  • C:\Windows\Temp\*\veeamflr-*.flat
  • C:\Windows\Temp\VeeamBackup\
  • C:\Windows\Temp\VeeamBackupTemp\
  • C:\Windows\Temp\veeamdumprecorder\

In Guest OS of protected Windows Machines:

If either Application-Aware Processing or Guest File System Indexing is enabled, the following folders will be used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

On SQL Servers, when SQL Server Transaction Log Backup is enabled, the following folder will be used:

  • %windir%\VeeamLogShipper\

If using Persistent Agent Components, the Veeam Guest Agent package will be installed.

  • C:\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\

In Guest OS of File-Level Restore Target Windows Machines:

When restoring files to the original machine or a different machine, the following folders are used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

Windows-based Backup Infrastructure Components

Below is a list of packages that may be installed on machines assigned Backup Infrastructure Component roles (e.g., VMware Bacup Proxy, WAN Accelerator, Windows Repository) and their associated AV exclusion requirements. Review which packages are installed on a given machine and create the AV exclusions based on which packages are installed.

 

General Folders

All Windows-based components use the following folders:

  • C:\ProgramData\Veeam\
    Default Log Folder
  • C:\Windows\Temp\Veeam\
  • C:\Windows\Temp\VeeamBackupTemp\

 

Package Specific AV Exclusions

Package names are as listed within the Programs & Features list (appwiz.cpl).

Veeam Installer Service

  • C:\Windows\Veeam\Backup\

Veeam Backup Transport

  • C:\Program Files (x86)\Veeam\Backup Transport\

Veeam CDP Proxy

  • C:\Program Files\Veeam\CDP Proxy Service\
  • Veeam CDP Proxy Cache Folder (For VMware Backup Proxies assigned to act as CDP Proxies)
    Default: C:\VeeamCDP\

Veeam Backup vPowerNFS

  • C:\Program Files (x86)\Veeam\vPowerNFS\
  • Instant recover write cache folder
    Review each repository's Mount Server setting and add an AV exclusion for the write cache path on the Mount Server specified.

Veeam Hyper-V Integration

  • C:\Program Files\Veeam\Hyper-V Integration\

Veeam Mount Service

Veeam WAN Accelerator Service

Veeam Remote Tape Access Service

  • C:\Program Files (x86)\Veeam\Backup Tape\

Veeam Backup Cloud Gateway

  • C:\Program Files (x86)\Veeam\Backup Gate\

Veeam Transaction Log Backup Service

  • C:\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\

Repository File Extensions:

  • *.erm
  • *.flat
  • *.vab
  • *.vbk
  • *.vbk.tmp
  • *.vblob
  • *.vbm
  • *.vbm_*tmp
  • *.vcache
  • *.vib
  • *.vindex
  • *.vlb
  • *.vmdk
  • *.vrb
  • *.vsb
  • *.vslice
  • *.vsource
  • *.vsourcecopy
  • *.vsourcetemp
  • *.vstore
  • *.vstorecopy
  • *.vstoretemp

More Information

Related Articles

Third-Party Antivirus Exclusion References

Security Software on Linux

Due to the high variability in how each Security solution operates and may be configured, some Linux Administrators may find that no exclusions are needed. Yet others may find that their security policies may necessitate specific exclusions. With that in mind, we strongly encourage Linux administrators to review their security software's logging closely when issues occur and adjust rules/policies accordingly.

Veeam Support has observed that the most common issues occur when Antivirus has been configured to tightly secure the /tmp/ directory, which in turn causes conflicts with Veeam's use of the path /tmp/Veeam/ . For example,  a Veeam Agent for Linux backup job may display the error "POSIX: Failed to open file [/dev/veeamimage1]." This error can be misleading at first as the path shown in the error does not appear related to /tmp/Veeam/, but in fact,/dev/veeamimage is symlinked to /tmp/Veeam/{guid}/

Below is a preliminary list of folders and executables that Veeam Support has identified:

  • /dev/veeamimage*
  • /etc/veeam/*
  • /opt/veeam/*
  • /tmp/veeamagent*
  • /tmp/veeam/*
  • /tmp/veeam/{*}
  • /usr/bin/veeamconfig
  • /usr/sbin/veeam*
    Specific executables:
    • veeam
    • veeamagent
    • veeamjobman
    • veeammount
    • veeampsqlagent
    • veeamservice
    • veeamsupporttool
  • /var/lib/veeam/*
  • /var/log/veeam/*

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.


View article...


3 comments

Userlevel 7
Badge +4

Actually, it was updated a few days ago 😁
Great reminder about how important is the AV exclusions. You guys have no idea how many problems we have with AV...

Userlevel 7
Badge +21

Thanks for sharing this update, Scott.  Need to take a look and see what we need to adjust for our Veeam servers and exclusions. 😎

Userlevel 7
Badge +8

Actually, it was updated a few days ago 😁
Great reminder about how important is the AV exclusions. You guys have no idea how many problems we have with AV...

Oh, I noticed that but then my brain shut off when I read the copy of the KB I had. haha

Comment