How Antivirus Scan Works

The antivirus scan has the following requirements and limitations:

  • The antivirus software must be installed on the mount server and support the command line interface (CLI).
  • The antivirus configuration file must be located on the mount server and properly configured. For details, see Antivirus XML Configuration File.

During the restore session, antivirus scan works in the following way:

  1. On the mount server, Veeam Backup & Replication runs the Veeam Mount Service to perform the following steps:
  1. Mount machine disks from backups to the mount server under the C:\VeeamFLR\<machinename> folder.
  2. Initiate a new scan session.
  1. If the antivirus does not detect malware activity, Veeam Backup & Replication will restore the machine or its disks to the target location. The malware detection event will not be created.
  2. If the antivirus detects malware activity, Veeam Backup & Replication will perform the following steps:
    1. Abort the restore process or restore the machine or its disks with restrictions depending on secure restore settings.
    1. Create the malware detection event and mark objects as Infected.

How Antivirus Scan Works 

You can further access the restored machine or its disks in the isolated environment and clean the infection.

Page updated 3/7/2024

Page content applies to build 12.1.1.56