Veeam Backup & Replication 12
User Guide for Microsoft Hyper-V
Related documents
Search

How YARA Scan Works

During the secure restore, YARA scan works in the following way:

  1. On the mount server, Veeam Backup & Replication runs the Veeam Mount Service to perform the following steps:
    1. Mount machine disks from backups to the mount server under the C:\VeeamFLR\<machinename> folder.
    2. Initiate a new scan session.
  1. If malware activity is not detected, Veeam Backup & Replication will restore the machine to the target location. The malware detection event will not be created.
  2. If malware activity is detected, Veeam Backup & Replication will perform the following steps:
    1. Abort the restore process or restore the machine with restrictions depending on secure restore settings.
    1. Create the malware detection event and mark objects as Infected.

If you do not want to create a malware detection event for a YARA rule, you can add a SuppressMalwareDetectionNotification tag to the name of the rule. For example:

rule SearchFileHash : SuppressMalwareDetectionNotification

In this case, the malware detection event will not be created but the restore session will be finished with the Warning status.

Page updated 12/17/2024

Page content applies to build 12.3.0.310

View all results across Veeam
Back to document search