You can scan restore points of a backup created by Veeam Agent for Microsoft Windows after a malware attack or to look for some sensitive data in a backup.
You cannot scan backups created by Veeam Agent for Linux, Veeam Agent for IBM AIX, Veeam Agent for Oracle Solaris or Veeam Agent for Mac.
To run the scan backup session:
- Open the Home view.
- In the inventory pane, click Backups.
- In the working area, expand the Veeam Agent backup, select the necessary computer in the backup and click Scan Backup on the ribbon or right-click the computer and select Scan Backup.
- Specify the scan mode you want to use:
- Find the last clean restore point
- Find the last clean restore point in range
- Scan content of all restore points in range
- If you want to use antivirus software as a scan engine, select the Scan restore points with an antivirus engine check box. For more information, see the Secure Restore section in the Veeam Backup & Replication User Guide.
- If you want to use a YARA rule as a scan engine, select the Scan restore points with the following YARA rule check box and specify the YARA file located in the Veeam Backup & Replication product folder: C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules.
If you do not want to create a malware detection event for a YARA rule, you can add a SuppressMalwareDetectionNotification tag to the name of the rule. For example:
rule SearchFileHash : SuppressMalwareDetectionNotification
In this case, the malware detection event will not be created but the scan backup session will be finished with the Warning status.
- Configure the scan range. You can specify the following options:
- Scan all restore points, from most recent restore point to the oldest available restore point.
- Scan restore points created during a specific time period.
Veeam Backup & Replication selects the order in which to scan restore points depending on the selected scan mode:
- In the Find the last clean restore point mode, Veeam Backup & Replication scans restore points from the most recent to the oldest.
- In the Find the last clean restore point in range mode, Veeam Backup & Replication scans restore points in the optimal order.
- In the Scan content of all restore points in range mode, Veeam Backup & Replication scans restore points from the oldest to the most recent.
If you want to continue the scan backup session after the first malware or the first piece of specific information is found, select the Continue scanning all remaining files after the first occurence check box.
- Click OK.
To learn more, see the Scan Backup section in the Veeam Backup & Replication User Guide.