How Veeam Threat Hunter Works
Veeam Threat Hunter is a signature-based scan engine provided by Veeam. It is used as an alternative to third-party antivirus software to scan the restore points. The Veeam Threat Hunter Service is automatically installed on a mount server and runs in the background.
During the restore session, Veeam Threat Hunter scan works in the following way:
- On the mount server, Veeam Backup & Replication runs the Veeam Mount Service to perform the following steps:
- Mount machine disks from backups to the mount server under the C:\VeeamFLR\<machinename> folder.
- Initiate a new scan session.
Note |
Veeam Threat Hunter checks all disks simultaneously. |
- If Veeam Threat Hunter does not detect malware activity, Veeam Backup & Replication will restore the machine to the target location. The malware detection event will not be created.
- If Veeam Threat Hunter detects malware activity, Veeam Backup & Replication will perform the following steps:
- Abort the restore process or restore the machine with restrictions depending on secure restore settings.
- Create the malware detection event and mark objects as Infected.
Note |
Consider the following:
|