Skip to main content
Solved

Veeam Inline Entropy Analysis Checks

tarik.yenisey
Forum|alt.badge.img+5

Hello everyone,

Veeam Inline Entrophy analysis feature checks if any encryption has started on VMs. Does this feature additionally perform text analysis with onion links and AI/ML? In other words, is it enough to scan the backup it received to perform these analyses or should the guest index file be open in the relevant backup job and the credentials of the machine should be entered?

Best answer by tarik.yenisey

Thank you for your support. I will try to integrate these logs with the XDR product. I think I can get better results.

View original
VUG Türkiye Leader
    Chris.Childerhose
    coolsport00
    MicoolPaul
    10 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • coolsport00
      coolsport00
    • MicoolPaul
      MicoolPaul
    • BertrandFR
      BertrandFR
    • Link State
      Link State
    • Nico Losschaert
      Nico Losschaert
    • ashanpro
      ashanpro
    • D
      DCC Thoaster
    • M
      M!ke
    • marcofabbri
      marcofabbri
    Did this topic help you find an answer to your question?

    4 comments

    Chris.Childerhose
    Forum|alt.badge.img+21
    • Chris.Childerhose
    • Veeam Legend, Veeam Vanguard
    • 8506 comments
    • September 29, 2024

    Yes it should but I would check out Shane's posts be did on the topic with a deeper dive -

    https://community.veeam.com/blogs-and-podcasts-57/veeam-malware-detection-a-forensics-analysis-how-to-guide-7829

     

    Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
    coolsport00
    Forum|alt.badge.img+20
    • coolsport00
    • Veeam Legend
    • 4146 comments
    • September 29, 2024

    @tarik.yenisey -

    No...inline entropy doesn’t really scan how you’re thinking. Inline scans at the “block” level, per the Guide, but rather detects “text artifacts” at that level. See link:
    https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_data_blocks.html?ver=120

    To get more into the file area, yes, you would need to enable File System Analysis...which yes...does require Guest Indexing to be enabled on the Jobs:

    https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_guest_index.html?ver=120
    https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_guest_index_hiw.html?ver=120

    Hope that helps.

    Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
    jos.maliepaard
    1 person likes this
    • jos.maliepaard
      jos.maliepaard
    StephenM
    Forum|alt.badge.img+1
    • StephenM
    • Comes here often
    • 32 comments
    • October 2, 2024

    also, just FYI, per the guide:

    • Text artifacts will be detected only if the following conditions are met:
    • The block size of the file system is 4 KB.
    • Text file has the UTF-8 encoding.
    • Text file is not stored in the Master File Table (MFT).
    Steve Merriman
    Chris.Childerhose
    coolsport00
    k00laidIT
    3 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • coolsport00
      coolsport00
    • k00laidIT
      k00laidIT
    tarik.yenisey
    Forum|alt.badge.img+5
    • tarik.yenisey
    • Author
    • Influencer
    • 138 comments
    • Answer
    • October 2, 2024

    Thank you for your support. I will try to integrate these logs with the XDR product. I think I can get better results.

    VUG Türkiye Leader

    Comment


    Terms & Conditions