Answer

Veeam Inline Entropy Analysis Checks

Forum|Forum|1 year ago
September 29, 2024
4 comments
73 views

+5

tarik.yenisey
VUG Leader

Hello everyone,

Veeam Inline Entrophy analysis feature checks if any encryption has started on VMs. Does this feature additionally perform text analysis with onion links and AI/ML? In other words, is it enough to scan the backup it received to perform these analyses or should the guest index file be open in the relevant backup job and the credentials of the machine should be entered?

Best answer by tarik.yenisey

Thank you for your support. I will try to integrate these logs with the XDR product. I think I can get better results.

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
Forum|Forum|1 year ago
September 29, 2024

Yes it should but I would check out Shane's posts be did on the topic with a deeper dive -

https://community.veeam.com/blogs-and-podcasts-57/veeam-malware-detection-a-forensics-analysis-how-to-guide-7829

Like

+21

coolsport00
Veeam Legend
Forum|Forum|1 year ago
September 29, 2024

@tarik.yenisey -

No...inline entropy doesn’t really scan how you’re thinking. Inline scans at the “block” level, per the Guide, but rather detects “text artifacts” at that level. See link:
https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_data_blocks.html?ver=120

To get more into the file area, yes, you would need to enable File System Analysis...which yes...does require Guest Indexing to be enabled on the Jobs:

https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_guest_index.html?ver=120
https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_guest_index_hiw.html?ver=120

Hope that helps.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00