
How Orchestrator Performs Ransomware Scan

Before you run a restore plan to recover a machine to the production environment, Orchestrator allows you to perform a ransomware scan of the protected machine using Veeam Secure Restore. You can also perform the scan when testing a restore plan in a DataLab.

While running a restore plan, Orchestrator performs the ransomware scan in the following way:

  1. Disks of a machine that is being restored are mounted to the mount server.
  2. On the mount server, antivirus software is triggered to scan files from the mounted disks.
  3. Orchestrator checks restore points one by one, up to the number of restore points specified while running the plan, to detect a restore point with no viruses.
  4. If a clean restore point is detected, Orchestrator successfully restores the machine to the selected recovery location.

If no clean restore point is detected, Orchestrator either halts the plan or restores the machine to the selected recovery location without connecting it to any network, depending on the configured restore point settings.

Note

If restore points of all machines included in the plan are stored in one repository, Orchestrator will process machines one by one. This process may take a while, affecting the plan RTO.

While testing a restore plan, Orchestrator performs the ransomware scan in the following way:

  1. Disks of a machine that is being tested are mounted to the mount server.
  2. On the mount server, antivirus software is triggered to scan files from the mounted disks.
  3. Orchestrator checks the most recent restore point for possible ransomware.
  4. If the restore point is clean, Orchestrator marks the point as Healthy. When a restore point is marked as Healthy, Orchestrator requires less time to process the machine the next time the plan is tested.

If the restore point is infected, the DataLab test fails and the plan acquires the TESTING HALTED state. To learn how to manage halted testing, see Halting Plan Testing.

The results of the ransomware scan are included in the Readiness Check, DataLab Test and Plan Execution reports.

Requirements and Limitations for Ransomware Scan

To allow Orchestrator to perform a ransomware scan, the following prerequisites must be met:

  • Ransomware scan is supported only for Windows-based machines whose restore points are stored in on-premises repositories.
  • The Veeam Backup & Replication server that protects the machine being processed must be running version 12 or later.
  • Antivirus software must be installed on the mount server and support the command line interface (CLI). The following antivirus software is supported: Microsoft Defender, Kaspersky, ESET and Symantec Protection Engine.
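
To confirm the CLI prerequisite for Microsoft Defender on a mount server, the following added example (not Veeam code, and not the command Orchestrator itself issues) runs a read-only custom scan of a folder and interprets the scanner's exit code. The default install location of MpCmdRun.exe and the placeholder scan path are assumptions.

```powershell
# Added example: manual check that Microsoft Defender can be driven from the
# command line on the mount server. It does not reproduce Orchestrator's own call.
param(
    # Assumption: placeholder folder; replace with a real folder on the mount server.
    [string]$ScanPath = 'C:\PLACEHOLDER\ScanTarget'
)

# Assumption: Defender's default install location.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    Write-Error "MpCmdRun.exe not found at '$mpCmdRun'; the Defender CLI is unavailable."
    exit 1
}
if (-not (Test-Path -LiteralPath $ScanPath)) {
    Write-Error "Scan path '$ScanPath' does not exist."
    exit 1
}

# A scan with a disabled engine or stale signatures gives a misleading "clean" result.
$status = Get-MpComputerStatus -ErrorAction Stop
if (-not $status.AntivirusEnabled) {
    Write-Error 'Microsoft Defender Antivirus is not enabled on this server.'
    exit 1
}
Write-Output ("Signatures last updated: {0} (age: {1} day(s))" -f `
    $status.AntivirusSignatureLastUpdated, $status.AntivirusSignatureAge)

# -ScanType 3 is a custom scan of the given path.
# -DisableRemediation keeps the scan read-only: detections are reported,
# but the scanned files are not quarantined or modified.
& $mpCmdRun -Scan -ScanType 3 -File $ScanPath -DisableRemediation
$code = $LASTEXITCODE

switch ($code) {
    0       { Write-Output "CLEAN: no threats reported in '$ScanPath'." }
    2       { Write-Warning "INFECTED: threats reported in '$ScanPath'." }
    default { Write-Warning "UNEXPECTED: MpCmdRun.exe returned exit code $code." }
}
exit $code
```

Run the script from an elevated PowerShell session on the mount server; a zero exit code means the scanner ran and reported nothing.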