When we enable ‘Guest file system indexing and malware detection’, does this mean that if the source VM is infected by malware, VBR will send an alert to us and keep the backup running?
If I want to test this, can I test it by simply putting an EICAR file into the source VM?
I tried this with EICAR. Veeam detected it when I turned on index level control. But I found which files it detected the virus in with SureBackup and Veeam's antivirus scan.
Hi @hs08
To detect malware in Veeam environments, it’s important to implement a combination of technical tools (such as antivirus software, Veeam's built-in ransomware protection, and backup integrity checks) and best practices (such as regular scanning, monitoring, and encryption). Leveraging Veeam’s advanced features, along with security tools, can help maintain the integrity of your backup environment and provide peace of mind that your data is safe, even from evolving malware threats.
Hi @hs08!
The Guest Indexing Data Scan is not a classical anti-virus and doesn’t search explicitly for malware. It searches for suspicious files and known ransomware extensions. So if you want to test it, you can check the content of the SuspiciousFiles.xml and place such a file inside of a VM. You can find all the details in the following helpcenter article:
I tested by only enabling ‘enable guest file system indexing and malware detection’, then I ran the backup job.
After that I created a file with an extension listed in the suspicious files XML, called test.1cbu1, then ran the job again. I can see I have not yet received any alert for this suspicious file. Is this the behavior of ‘enable guest file system indexing and malware detection’?
Can you please check whether the file system scan is enabled in the global malware detection settings?
I use the Community version and this menu is greyed out. Does this mean the file system scan is disabled?
Unfortunately the Community Edition doesn’t include the malware/ransomware detection features. That’s why both are disabled and greyed out.
Hi @regnor
Yes, it works now after assigning a license and enabling the malware detection setting.
That’s a great discussion. Very good to have this topic here.
Hello,
Veeam uses the suspicious.xml file to detect malware. Is this file updated automatically in order to detect any new variants of malware?
Yes, the file is automatically updated. That’s also in the helpcenter article from above:
Veeam Backup & Replication will communicate with the Veeam Update Server (vbr.butler.veeam.com) daily and download the latest version of the SuspiciousFiles.xml file. By default, this occurs once a day at 12:00 AM.
Hi all, I’m trying to understand the term entropy. Does anyone know how to explain that? I have had the manual, but I didn’t understand it so far.
Hi @hs08
Considerations & best practices: avoid using EICAR or similar files in critical production environments, as they might trigger unintended alerts or actions; ensure the antivirus used for detection is correctly integrated and up to date; plan how to handle detected malware (e.g., quarantining affected files, adjusting backup strategies); and always test in a non-production or isolated environment to prevent unnecessary alerts in the production setup.