How Secure Restore Works

For secure restore, malware detection works in the following way:

  1. On the mount server, Veeam Backup & Replication runs the Veeam Mount Service to perform the following steps:
    1. Mount machine disks from backups to the mount server under the C:\VeeamFLR\<machinename> folder.
    2. Initiate a new scan session.
  1. If malware activity is not detected, Veeam Backup & Replication will restore the machine to the target location. The malware detection event will not be created.
  2. If malware activity is detected, Veeam Backup & Replication will perform the following steps:
    1. Abort the restore process or restore the machine with restrictions depending on secure restore settings.
    2. Create the malware detection event and mark objects as Infected.

By default, the mount server role is assigned to the backup server or a backup repository. However, you can assign the mount server role to any 64-bit Microsoft Windows machine in your backup infrastructure. For example, you may want to run the malware detection scan on a different server for security reasons. For more information about mount server deployment and requirements, see Mount Server.



You can also scan machines for malware regularly within a SureBackup job. For information on how to enable the malware scan for a SureBackup job, see the Settings step of the SureBackup job wizard.

Page updated 6/20/2024

Page content applies to build