Skip to main content

Veeam Backup and Replication V12.3 - New Malware Detection Settings

Dynamic
Forum|alt.badge.img+9

Hi Folks,

just a quick Overview in Screenshots of the new Malware Detection Settings within V12.3.

 

pre 12.3:
the Tab Incident API & Notifications remain the same with V12.3

 

 

starting with V12.3:

  • new Tabs with File Detection and Signature Detection.
  • Suspicious activity detection (with Update malware definitions automatically) moved to the tab File Detection
  • within the Release Notes, modified URLs are listed regards Signature updates, so keep this in mind for your Firewall - please also check the note regards to existing AVs (KB1999 will be your friend):

  • after my Update in the Lab, the Signature Detection was on Bring you own antivirus - i changed it to Veeam Threat Hunter.

 

 

 



File Detection Feature (extra Tab) - changed Signature URLs​​​​​

New Signature Detection Feature

 

EDIT:

also checked the MITRE ATT&CK (under Indicator of Compromise / Attack tactics to monitor): i placed a TeamViewer on the System. See the results 😉

Attack tactitcs to monitor

 

 

new file “indicators_of_compromise” in C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

 

Cheers, Markus

 

 
 

 

 

Markus Hartmann | Veeam Vanguard | Veeam Legend 2024 | VMCA 2024 & VMCE 2024 | VMware Certified Implementation Expert - DCV 2024 | https://markushartmann.blog/

marco_s
Forum|alt.badge.img+8
  • marco_s
  • Influencer
  • December 4, 2024

Thanks for the recap Markus!

It is very interesting to see how these cybersecurity related sections are evolving more and more within the software!

Marco Sorrentino - Italy | System Engineer | VMCE & VMCA
Chris.Childerhose
Dynamic
leduardoserrano
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Dynamic
    Dynamic
  • leduardoserrano
    leduardoserrano
Chris.Childerhose
Forum|alt.badge.img+21

Loving the new malware components. Need to test them out and see how they can add value to our services.  Thanks for sharing 🙏 

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Dynamic
leduardoserrano
2 people like this
  • Dynamic
    Dynamic
  • leduardoserrano
    leduardoserrano
coolsport00
Forum|alt.badge.img+20

Be aware the IoC will only work when the FSA engine is enabled. Doesn’t apply for the Inline Entropy engine. Thanks Markus!

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Dynamic
leduardoserrano
2 people like this
  • Dynamic
    Dynamic
  • leduardoserrano
    leduardoserrano

Comment


Terms & Conditions