Veeam Backup & Replication - File Level Restore - Hash Scanner

  • 19 August 2023


Hello community,

the Backup Scanning Tools Web Console got a new buddy: 

 

📃🔎 File Level Restore - Hash Scanner 📃🔎
 

This PowerShell script scans specific subfolders within a Veeam File Level Recovery session and checks if any of the scanned files match a SHA256 value by comparing the values to a list of known hash values. Common locations for temporary Internet files in Windows systems are scanned. The list can be supplemented at any time.

The following subdirectories in the Users folder are scanned:

  • Downloads
  • AppData\Local\Temp
  • AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data
  • AppData\Local\Google\Chrome\User Data\Default\Cache
  • AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

The script has been integrated into the Backup Scanning Tools Web Console, but can also be run manually. On top you'll also get this script:

vbr-flr-auto-hashscanner.ps1


This script automates the execution of the scans for the Windows VMs included in a specific backup job. The number of VMs to be scanned simultaneously can be specified. It tracks whether the VM from the job has already been scanned and tests the remaining VMs that have not yet been scanned (a function from the dynamic SureBackup Job Script). If all VMs have been scanned, the script starts again from the beginning.

Find more details and all the prerequisites in the corresponding README document.

Please note that only the file level restore process is started to present the backup to the mount host. An actual restore is not executed.

Important: Do not run too many scan jobs at the same time. The hash list consumes quite a bit of memory (~2.5 GB per job).

 

Happy scanning!
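
The lookup described in the post, as an added example that is not part of the original post and is not the author's script or code from the Backup Scanning Tools project. `Find-KnownHashMatch`, `-UsersRoot` and `-HashList` are hypothetical names; the example assumes the File Level Restore session is already mounted, that the hash list is a text file with one SHA256 value per line, and that the listed subfolders are scanned recursively.

```powershell
# Added illustration, not the published hash scanner script.
# Assumptions: -UsersRoot is the Users folder inside an already mounted FLR session,
# -HashList is a text file holding one SHA256 hex string per line.
function Find-KnownHashMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UsersRoot,
        [Parameter(Mandatory)] [string] $HashList
    )
    # Subfolders named in the post, relative to each user profile.
    $subDirs = @(
        'Downloads',
        'AppData\Local\Temp',
        'AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data',
        'AppData\Local\Google\Chrome\User Data\Default\Cache',
        'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    )
    # A HashSet gives constant-time lookups, but the whole list stays in memory,
    # which is why many parallel scan jobs become expensive.
    $known = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $listPath = (Resolve-Path -LiteralPath $HashList).ProviderPath
    foreach ($line in [System.IO.File]::ReadLines($listPath)) {
        $h = $line.Trim()
        if ($h -match '^[0-9a-f]{64}$') { [void]$known.Add($h) }   # skip comments and malformed rows
    }
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue) {
        foreach ($sub in $subDirs) {
            $dir = Join-Path $userDir.FullName $sub
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
            Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
                $file = $_
                try {
                    $sha = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
                } catch {
                    # Unreadable files are reported, not silently skipped.
                    Write-Warning "Could not hash $($file.FullName): $($_.Exception.Message)"
                    return
                }
                if ($known.Contains($sha)) {
                    [pscustomobject]@{ User = $userDir.Name; Path = $file.FullName; SHA256 = $sha }
                }
            }
        }
    }
}
# Constructed example call (paths are placeholders):
# Find-KnownHashMatch -UsersRoot 'X:\MountedBackup\Users' -HashList '.\sha256-list.txt'
```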


3 comments

Userlevel 7
Badge +21

Very cool tool. Thanks for another one Steve. 😎

Userlevel 7
Badge +19

Very nice! Appreciate the share!

Cheers!

Userlevel 7
Badge +8

Cool tool. I’ll have to try it in my lab.

 

Thanks

 
