Skip to main content
Solved

Veeam Threat Hunter - force update?

lukas.k
Forum|alt.badge.img+10

Dear community,

 

Does anyone have an idea if I can force a threat hunter signature update?

 

I do have 2 different cases:

 

  1. Lab case (NFR license!)

I do have a lab with a NFR license activated and my SureBackup fails on a regular base with the error message, that the Threat Hunter signature update is not possible.

I already reviewed the firewall rules and updates a rule set for v12.3 so that every requirement should be done.

 

  1. Customer case (prod license)

The SureBackup (antivirus) fails with the error message that there is no signature database available. wr already reviewed the FW rules and don’t see issues.

 

Can I force the signature update manually somehow?

 

If nobody has input on this I will of course open a support ticket!

 

Thanks in advance!

Lukas

Best answer by Chris.Childerhose

Also this Forum thread mentions you do not have to do anything with Threat Hunter as well - About Veeam Threat Hunter Specifications - R&D Forums

View original
LK | Veeam Vanguard | VUG Leader - Cyber Security Space | Security Specialist
Did this topic help you find an answer to your question?

8 comments

Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8436 comments
  • February 11, 2025

If you read the help here it tells you when Threat Hunter updates which is before a scan and automatically - How Veeam Threat Hunter Works - User Guide for Microsoft Hyper-V

Note

Consider the following:

  • Veeam Threat Hunter checks updates for malware signatures before running the scan, but not more often than every 1 hour. Note that the initial malware signature update may take longer than the subsequent updates.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
lukas.k
1 person likes this
  • lukas.k
    lukas.k
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8436 comments
  • February 11, 2025

I am not seeing a manual way to run updates but if it does before it scans a job then that should suffice to me in both cases.

 
 
 
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
lukas.k
1 person likes this
  • lukas.k
    lukas.k
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8436 comments
  • Answer
  • February 11, 2025

Also this Forum thread mentions you do not have to do anything with Threat Hunter as well - About Veeam Threat Hunter Specifications - R&D Forums

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
lukas.k
1 person likes this
  • lukas.k
    lukas.k
lukas.k
Forum|alt.badge.img+10
  • lukas.k
  • Author
  • Veeam Vanguard
  • 193 comments
  • February 12, 2025

Update on this, I reviewed the logs:

 

Funfact: The repo server (Windows - from that I screenshotted the log) is able to access the required URL with p443:

 

 

Right now I’m waiting for my support case administrator role to open a support ticket.

LK | Veeam Vanguard | VUG Leader - Cyber Security Space | Security Specialist
Chris.Childerhose
1 person likes this
  • Chris.Childerhose
    Chris.Childerhose
G
  • gordon
  • Not a newbie anymore
  • 1 comment
  • February 13, 2025

I have similar problem:

Start signature update
The directory C:\ProgramData\Veeam\Threat Hunter\Engines\{6b069423-129a-4467-87a6-351c3d2e2f5a} is not exist. Create the directory and make a full update.
DB update is started
CVeeamAntivirus_PerformUpdate failed.
Failed to update threat signatures: I/O operation timed out while receiving an HTTP response. Error code -2108

Ticket opened on Monday, but no progress yet, support agent only checks Threat Hunter requirements and limitations.
Mount server is behind company internet proxy, but Veeam License Update Server and Veeam Signature Update Server are accessible.

Chris.Childerhose
1 person likes this
  • Chris.Childerhose
    Chris.Childerhose
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8436 comments
  • February 13, 2025
gordon wrote:

I have similar problem:

Start signature update
The directory C:\ProgramData\Veeam\Threat Hunter\Engines\{6b069423-129a-4467-87a6-351c3d2e2f5a} is not exist. Create the directory and make a full update.
DB update is started
CVeeamAntivirus_PerformUpdate failed.
Failed to update threat signatures: I/O operation timed out while receiving an HTTP response. Error code -2108

Ticket opened on Monday, but no progress yet, support agent only checks Threat Hunter requirements and limitations.
Mount server is behind company internet proxy, but Veeam License Update Server and Veeam Signature Update Server are accessible.

I would suggest at this point to keep going with the Support ticket you have as that is the best route forward since we are not support in the community.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
lukas.k
1 person likes this
  • lukas.k
    lukas.k
AndrePulia
Forum|alt.badge.img+6
  • AndrePulia
  • Veeam Legend, Veeam Vanguard
  • 333 comments
  • February 13, 2025

@lukas.k I’m guessing if you could use the test scripts to run a remote powershell with an signature update command, as you mention you are using sureback. I've never did that before, but I think that could help you .

 

André Pulia - VMCA | VMCE | VMCT | HPECI | VCI | Nutanix Certified Instructor | Twitter: @andrepulia | Blog Site – https://pulia.com.br | https://www.credly.com/users/andre-pulia
lukas.k
Forum|alt.badge.img+10
  • lukas.k
  • Author
  • Veeam Vanguard
  • 193 comments
  • February 13, 2025
AndrePulia wrote:

@lukas.k I’m guessing if you could use the test scripts to run a remote powershell with an signature update command, as you mention you are using sureback. I've never did that before, but I think that could help you .

 

What test scripts do you mean exactly? I’m not aware of any public ones (and not unofficial ones either).

 

Update on the support ticket: The support provided some reg keys to skip the certificate revocation check like if seems. The environment on my customer’s site seems to be working now, my lab will be troubleshooted asap.

 

I will keep you posted!

LK | Veeam Vanguard | VUG Leader - Cyber Security Space | Security Specialist
Chris.Childerhose
AndrePulia
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • AndrePulia
    AndrePulia

Comment


Terms & Conditions