Intro
First of all: Happy new year to everyone!
With Veeam Backup & Replication 12.1, many new security features have been added. One of these is the Guest Index Data Scan. For this, Veeam Backup & Replication uses a signature-based approach. During/after the backup job, the following malware activity can be detected:
- Malware signatures specified in the "C:\Program Files\Veeam\Backup and Replication\Backup\SuspiciousFiles.xml" on the backup server
- Multiple files renamed by malware
- Multiple files deleted by malware
Please read the Help Center documentation to learn more about the details and how it works.
In addition to the XML file, manual customization is also possible. You can add a malware signature that is marked as suspicious (Suspicious files) or that should be skipped (Trusted files) during the scan. See here.
Questions you might ask
But how do you know how many "built-in" and how many manually entered entries there are? Of course, you can check the manual settings in the GUI, and the XML file can also provide information about the entries in the "database".
But as you know, I would like to use a script for this, which then offers me certain additional options. No sooner said than done.
The Script
Even in the new year I can't resist creating (hopefully) useful scripts. The first version of the script can perform the following actions:
- Display the number of entries in SuspiciousFiles.xml and in the manually added suspicious and trusted files lists
- Display the entries in SuspiciousFiles.xml
- Export the entries in SuspiciousFiles.xml into a .csv file
- Search for entries in SuspiciousFiles.xml
- Add entries to the suspicious and trusted file entries list
The script can be found here. The ReadMe gives you more details about the usage.
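To show how the count, display, search and export actions above can work against the XML file, here is an added example; it is not the author's script. The page does not show the layout of SuspiciousFiles.xml, so the function `Get-XmlLeafEntry` (a hypothetical name) treats every leaf element as one entry, and the inline sample document is constructed and used only when the real file is absent.

```powershell
# Added example, not the author's script. It is schema-agnostic: no element or
# attribute names of the real SuspiciousFiles.xml are assumed.
function Get-XmlLeafEntry {
    param([Parameter(Mandatory)][xml]$Document)
    # Treat every element that has no child elements as one entry.
    foreach ($node in $Document.SelectNodes('//*[not(*)]')) {
        # get_Name() avoids PowerShell's XML adapter returning an attribute
        # that happens to be called "name" instead of the element name.
        $attrs = @($node.get_Attributes() | ForEach-Object {
            '{0}={1}' -f $_.get_Name(), $_.get_Value()
        }) -join ';'
        [pscustomobject]@{
            Parent     = $node.get_ParentNode().get_Name()
            Element    = $node.get_Name()
            Attributes = $attrs
            Text       = $node.get_InnerText().Trim()
        }
    }
}

# Constructed sample so the block runs offline; the real file's layout may differ.
[xml]$doc = @'
<Root>
  <Group label="constructed-extensions">
    <Item value="*.example-locked" />
    <Item value="*.example-crypt" />
  </Group>
  <Group label="constructed-notes">
    <Item value="EXAMPLE_README.txt" />
  </Group>
</Root>
'@

# Path as given in the post; the file is only read, never modified.
$path = 'C:\Program Files\Veeam\Backup and Replication\Backup\SuspiciousFiles.xml'
if (Test-Path -LiteralPath $path) {
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($path)   # Load() honours the encoding declared in the file
}

$entries = @(Get-XmlLeafEntry -Document $doc)
"Entries: $($entries.Count)"                                       # count
$entries | Group-Object Parent, Element | Select-Object Count, Name # per type
$entries | Where-Object { "$($_.Attributes) $($_.Text)" -like '*crypt*' } # search
$csv = Join-Path ([IO.Path]::GetTempPath()) 'SuspiciousFiles-entries.csv'
$entries | Export-Csv -Path $csv -NoTypeInformation                # export
```

The per-type grouping shows which element names actually hold the signatures, which is the quickest way to learn the real layout before filtering on specific attributes.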
As always: Feedback welcome.
Happy scripting.
Steve