Start-VBRScanBackup

Short Description

Starts a scan of backups with antivirus or YARA scan.

Note

This cmdlet is available starting from Veeam Backup & Replication 12.1 (build 12.1.0.2131).

Applies to

Product Edition: Enterprise, Enterprise Plus, Veeam Universal License

Syntax

Start-VBRScanBackup -Object <VBRBackupObject[]> -ScanMode <VBRRestorePointScanMode> [-EnableAntivirusScan] [-EnableYARAScan] [-YARARule <String>] [-FromPointInTime <DateTime>] [-ToPointInTime <DateTime>] [-EnableEntireImageScan] [-RunAsync]  [<CommonParameters>]

Detailed Description

This cmdlet starts a scan of backups with antivirus or YARA scan. You can scan the following types of backups:

  • Backups of VMware vSphere virtual machines created by Veeam Backup & Replication.
  • Backups of Microsoft Hyper-V virtual machines created by Veeam Backup & Replication.
  • Backups created by backup copy jobs.
  • Backups of RHV VMs created by Veeam Backup for RHV.
  • Backups of Windows machines created by  Veeam Agent For Microsoft Windows.
  • Backup of VMware Cloud Director VMs.

Parameters

Parameter

Description

Type

Required

Position

Accept Pipeline Input

Object

Specifies an array of backups that you want to scan.

Accepts the VBRBackupObject[] object. To create this object, run the Get-VBRBackupObject cmdlet.

True

Named

False

ScanMode

Specifies one of the following a scan modes:

  • AllInInterval — Use this mode to scan backup content with neccessary YARA rules. The cmdlet will scan all restore points sequentially and will initiate a malware event.
    Note: If you use this mode, you must provide the EnableYARAScan and YARARule parameters.
  • FirstInInterval — Use this mode if you are not sure when the attack started. The cmdlet will scan restore points in optimal order until it finds the malware-free restore point.
  • MostRecent — Use this mode if you consider that a cyber-attack started recently. The cmdlet will scan the restore points sequentially, starting from the most resent restore point, until it finds the latest malware-free restore point.

VBRRestorePointScanMode

True

Named

False

EnableAntivirusScan

Enables secure restore.

If you provide this parameter, Veeam Backup & Replication will trigger the antivirus software to scan selected VMs before the restore.

SwitchParameter

False

Named

False

EnableYARAScan

Defines that Veeam Backup & Replication will scan VMs with the specified YARA rule.

If you do not provide this parameter, Veeam Backup & Replication will not scan VMs with the YARA rule.

Use the YARARule parameter to specify the YARA rule.

SwitchParameter

False

Named

False

YARARule

Specifies the YARA rule. Veeam Backup & Replication will scan VMs with this rule.

Note: Veeam Backup & Replication searches for YARA rules by the following path: C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules.

To use the YARA rule, you must specify its name and extension. Veeam Backup & Replication accepts only .yar and .yara extension.

String

False

Named

False

FromPointInTime

Specifies the date and time. The cmdlet will scan backups that were created starting from this date and time.

Accepts the DateTime object. To get this object, run the Get-Date cmdlet.

False

Named

False

ToPointInTime

Specifies the date and time. The cmdlet will scan backups that were created by this date and time.

Accepts the DateTime object. To get this object, run the Get-Date cmdlet.

False

Named

False

EnableEntireImageScan

Defines that the cmdlet will scan all restore points in backup even after it finds the first affected restore point.

SwitchParameter

False

Named

False

RunAsync

Defines that the command returns immediately without waiting for the task to complete.

SwitchParameter

False

Named

False

<CommonParameters>

This cmdlet supports Microsoft PowerShell common parameters. For more information on common parameters, see Microsoft Docs.

Output Object

VBRSureBackupJobSession

Examples

Scanning Backups with YARA Scan

This example shows how scan backups with YARA scan.

$yararule = Get-VBRYARARule

$backup = Get-VBRBackup

$vmbackup = Get-VBRBackupObject -Backup $backup[0]

Start-VBRScanBackup -Object $vmbackup[0] -ScanMode FirstInInterval -EnableYARAScan -YARARule $yararule[0]

Perform the following steps:

  1. Run the Get-VBRYARARule cmdlet. Save the result to the $yararule variable.
  2. Run the Get-VBRBackup cmdlet. Save the result to the $backup variable.
  3. Run the Get-VBRBackupObject cmdlet. Specify the Backup parameter value. Save the result to the $vmbackup variable.

The Get-VBRBackupObject cmdlet will return an array of VM backups. Mind the ordinal number of the necessary VM backup (in our example, it is the first VM backup in the array).

  1. Run the Start-VBRScanBackup cmdlet. Specify the following settings:
  • Set the $vmbackup[0] variable as the Object parameter value.
  • Provide the ScanMode parameter value.
  • Provide the EnableYARAScan parameter.
  • Set the $yararule[0] variable as the YARARule parameter value.

Related Commands