Solved

Cortex XDR as Antivirus Engine


geschnei

Is anybody using Cortex XDR along with Veeam? It should be fairly easy to extend the Antivirus definition file, but I can’t find any information about how (or even if) Cortex can be called to scan a specific file.

6 comments

Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8518 comments
  • June 13, 2024

Not sure if that AV is even supported with Veeam.  Check here for how the AV process works and configurations - Antivirus Configuration File - User Guide for VMware vSphere (veeam.com)


renner-stefan

Any AV is supported as you can write your definition file on your own. The ones we listed in the definition file ourselves are just the ones we tested in QA. I will keep you posted on Cortex XDR.


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8518 comments
  • June 13, 2024
renner-stefan wrote:

Any AV is supported as you can write your definition file on your own. The ones we listed in the definition file ourselves are just the ones we tested in QA. I will keep you posted on Cortex XDR.

Thanks for clarifying this.  Looking forward to the results.


geschnei
  • Author
  • Not a newbie anymore
  • 2 comments
  • Answer
  • June 14, 2024

After discussing the issue further with my colleague who is responsible for our AV we came to the conclusion that it might be better to use Defender (or other classical AV solutions) for these scans, since Cortex XDR is a behavioral scanner and might not be the best solution for pure file scanning.

We ended up editing the AV definition XML file on the mount server to change the IsPortableSoftware='false' of the Defender entry to IsPortableSoftware='true', so Veeam ignores the disabled state of the Defender service. Now Veeam is utilizing Windows Defender for SureBackup and Secure Restore while Cortex keeps scanning for behavioral anomalies in the background.

Still, if other people are using Cortex XDR I’d be interested in their opinions on this matter.
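A small script for the XML edit described in the answer above, added here as an example; it is not code from geschnei's post or from Veeam. Only the IsPortableSoftware attribute and its effect come from the thread; the AntivirusInfo element name, the Name and ServiceName attributes, the sample file and the file path are assumptions for this example. It refuses to touch the file unless exactly one entry matches, so a mistyped scanner name cannot leave the definition unchanged while you believe Defender is now being called.

```python
"""Flip IsPortableSoftware for one scanner entry in a Veeam-style AV definition file."""
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the shape of the definition file. Element and attribute
# names other than IsPortableSoftware are assumptions, not Veeam's real schema.
SAMPLE_XML = """<Antiviruses>
  <AntivirusInfo Name='Windows Defender' IsPortableSoftware='false' ServiceName='WinDefend' />
  <AntivirusInfo Name='Example Scanner' IsPortableSoftware='false' ServiceName='ExampleSvc' />
</Antiviruses>
"""


def portable_flags(xml_text: str) -> dict:
    """Map each entry's Name to its IsPortableSoftware value (lower-cased) for review."""
    root = ET.fromstring(xml_text)
    return {e.get("Name"): (e.get("IsPortableSoftware") or "").lower()
            for e in root.iter("AntivirusInfo")}


def set_portable(xml_text: str, av_name: str, value: bool = True) -> str:
    """Return xml_text with IsPortableSoftware set on the entry named av_name.

    With 'true', Veeam no longer checks the scanner's service state before using it,
    which is what the thread relies on for a Defender service that is disabled.
    Raises ValueError unless exactly one entry carries that Name.
    """
    root = ET.fromstring(xml_text)
    hits = [e for e in root.iter("AntivirusInfo") if e.get("Name") == av_name]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one entry named {av_name!r}, found {len(hits)}")
    hits[0].set("IsPortableSoftware", "true" if value else "false")
    # Re-serialised attributes use double quotes; that is equivalent XML.
    return ET.tostring(root, encoding="unicode")


def patch_file(path, av_name: str) -> dict:
    """Back up the definition file next to itself, rewrite it, return the new flags."""
    p = Path(path)
    shutil.copy2(p, p.with_suffix(p.suffix + ".bak"))
    new_text = set_portable(p.read_text(encoding="utf-8"), av_name)
    p.write_text(new_text, encoding="utf-8")
    return portable_flags(new_text)


if __name__ == "__main__":
    # On the mount server, call patch_file(r"<PATH_TO_AV_DEFINITION_XML>", "Windows Defender").
    print(portable_flags(set_portable(SAMPLE_XML, "Windows Defender")))
```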


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8518 comments
  • June 14, 2024
geschnei wrote:

After discussing the issue further with my colleague who is responsible for our AV we came to the conclusion that it might be better to use Defender (or other classical AV solutions) for these scans, since Cortex XDR is a behavioral scanner and might not be the best solution for pure file scanning.

We ended up editing the AV definition XML file on the mount server to change the IsPortableSoftware='false' of the Defender entry to IsPortableSoftware='true', so Veeam ignores the disabled state of the Defender service. Now Veeam is utilizing Windows Defender for SureBackup and Secure Restore while Cortex keeps scanning for behavioral anomalies in the background.

Still, if other people are using Cortex XDR I’d be interested in their opinions on this matter.

Glad you were able to come to a resolution on this one.  I am still interested as well in hearing about the Cortex XDR solution just for my own learning. 😁


dloseke
  • Veeam Vanguard
  • 1447 comments
  • June 17, 2024

I appreciate you marking your own response as the answer as that’s very insightful for all.  I haven’t ventured too much into this integration, but I hadn’t considered the difference of an XDR vs antivirus/antimalware engine in this scenario.