Veeam Backup & Replication allows you to perform secure restore — scan machine data with antivirus software before restoring the machine to the production environment.
During secure restore, Veeam Backup & Replication mounts disks of the machine that you plan to restore to the mount server. On the mount server, Veeam Backup & Replication triggers the antivirus software to scan files from the mounted disks. If during the scan the antivirus software detects malware, Veeam Backup & Replication will either abort the restore process, or restore the machine with restrictions depending on secure restore settings.
Secure restore is available for the following restore operations:
- Instant Recovery
- Entire VM Restore
- Restore to Microsoft Azure
- Restore to Amazon EC2
- [Starting from Veeam Backup & Replication 11a (build 18.104.22.1681)] Restore to Google Compute Engine
- Disk Export
To perform secure restore, you must enable the Scan the restored machine for malware prior to performing the recovery option at the Secure Restore step of the restore wizard.
You can also scan machine data for malware regularly within a SureBackup job. For information on how to enable the malware scan for a SureBackup job, see the Settings step of the SureBackup job wizard.
Before you perform secure restore, check the following prerequisites:
- You can perform secure restore only for machines that run Microsoft Windows.
- The antivirus software must be installed on the mount server and support the command line interface (CLI).
- The antivirus configuration file must be located on the mount server and must be properly configured. For details, see Antivirus XML Configuration File.
- Veeam Backup & Replication does not perform malware scan for disks or volumes that cannot be mounted to the mount server.
For example, Storage Spaces disks or ReFS volumes (if ReFS is not supported by the mount server OS) are skipped from the scan and restored in a regular way.