Malware Detection Methods

Veeam Backup & Replication supports the following malware detection methods:

Malware detection method

Scan objects

Notes

File system activity analysis

Guest indexing data

During the backup job, detects the following malware activity:

  • Known suspicious files and extensions
  • Renamed files
  • Deleted files

Marks objects as Suspicious.

For more information, see Guest Indexing Data Scan.

Inline entropy analysis

Blocks in a data stream

During the backup job, detects the following malware activity:

  • Encrypted files
  • Onion links
  • Ransom notes

Marks objects as Suspicious.

For more information, see Inline Scan.

Rule-based detection (YARA)

Restore points

During the Scan Backup session, does one of the following:

  • Finds the last clean restore point
  • Analyzes the content for specific information

During the restore session with the Secure Restore option, detects malware activity as specified in the YARA rule.

Marks objects as Infected.

For more information, see Scan Backup and Secure Restore.

Antivirus scan

Restore points

During the Scan Backup session, finds the last clean restore point.

During the restore session with the Secure Restore option, detects malware activity as specified in the antivirus configuration file.

Marks objects as Infected.

For more information, see Scan Backup and Secure Restore.

Third-party malware protection solution

Depends on the configuration of the malware protection solution

Uses Veeam Incident API to send a request about detected malware activity to Veeam Backup & Replication.

Marks objects as Infected.

For more information, see Veeam Backup & Replication REST API Reference.

Page updated 1/31/2024

Page content applies to build 12.2.0.334