Performing YARA Scan

To perform the YARA scan during the restore session, do the following at the Secure Restore step of the restore wizard:

  1. Enable the Scan the restore point with the following YARA rule option.
  2. Specify the YARA file located in the Veeam Backup & Replication product folder. The default path is C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules. The YARA file must have the .yara or .yar extension. For more information on how to create a YARA rule, see the YARA documentation.
  3. Specify the behavior scenario if malware activity is found. For more information about available options, see the following sections:
  4. If you want to continue the YARA scan after the first malware is found, select the Continue scanning all remaining files after the first occurrence check box.

Note that if the YARA rule is not found, Veeam Backup & Replication will display a warning. In that case, to pass the step with secure restore settings, you can do one of the following:

  • Check if the YARA file is located in the Veeam Backup & Replication product folder, has the proper syntax and the .yara or .yar extension.
  • Clear the Scan the restore point with the following YARA rule option.
  • Use Veeam Threat Hunter or third-party antivirus software. For more information, see Veeam Threat Hunter for Secure Restore and Antivirus Scan for Secure Restore.
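
The checks from the first bullet above (location, extension, syntax) can be scripted and run on the backup server before starting the restore wizard. The following PowerShell is an added example, not Veeam's code: Test-YaraRuleFile and its -YaracPath parameter are hypothetical names, yarac is the rule compiler from the YARA project and is assumed to be installed separately, and without it the script falls back to a coarse structural check that is not a full syntax validation.

```powershell
# Added example: pre-flight check of YARA rule files before Secure Restore.
# Default folder as given on this page; change it for a non-default install.
$DefaultRulesDir = 'C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules'

function Test-YaraRuleFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $RulesDir = $DefaultRulesDir,
        [string] $YaracPath   # assumption: optional path to a yarac build
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Problems = @('file not found') }
    }
    $file = Get-Item -LiteralPath $Path
    $problems = @()

    # Location: expects the file directly in the rules folder (assumption; the
    # page does not say whether subfolders are read). -ne ignores case.
    $expected = [IO.Path]::GetFullPath($RulesDir).TrimEnd('\')
    if ($file.DirectoryName.TrimEnd('\') -ne $expected) { $problems += "not in $expected" }

    # Extension: only .yara or .yar is accepted.
    if ($file.Extension -notin '.yara', '.yar') {
        $problems += "extension '$($file.Extension)' is not .yara or .yar"
    }

    # Syntax: compile with yarac when available, otherwise a structural check.
    if ($YaracPath) {
        $compiled = [IO.Path]::GetTempFileName()
        $output = & $YaracPath $file.FullName $compiled 2>&1 | Out-String
        if ($LASTEXITCODE -ne 0) { $problems += "yarac: $($output.Trim())" }
        Remove-Item -LiteralPath $compiled -ErrorAction SilentlyContinue
    } else {
        $text = Get-Content -LiteralPath $file.FullName -Raw
        if ($text -notmatch '(?m)^\s*((private|global)\s+)*rule\s+\w+') {
            $problems += 'no rule declaration found'
        }
        if ($text -notmatch '\bcondition\s*:') { $problems += 'no condition section found' }
    }
    [pscustomobject]@{ Path = $file.FullName; Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Check every file in the rules folder, whatever its extension.
Get-ChildItem -LiteralPath $DefaultRulesDir -File |
    ForEach-Object { Test-YaraRuleFile -Path $_.FullName } |
    Format-Table -AutoSize -Wrap
```

A rule that compiles with a separately installed yarac can still be rejected by the product if the two YARA versions differ, so treat a clean result as a first check rather than a guarantee.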

Page updated 11/11/2024

Page content applies to build 12.3.0.310