Step 10. Specify Secure Restore Settings

This step is available if you recover workloads with Microsoft Windows OS.

At the Secure Restore step of the wizard, you can instruct Veeam Backup & Replication to scan machine data for malware activity before restoring the machine to the production environment. To scan the data, Veeam Backup & Replication uses the following engines:

• Veeam Threat Hunter — a signature-based scan engine. For more information, see Veeam Threat Hunter for Secure Restore.
• Third-party antivirus software. For more information, see Antivirus Scan for Secure Restore.
• YARA — a rule-based scan engine. For more information, see YARA Scan for Secure Restore.

To specify secure restore settings, do the following:

1. Select the method you want to use for data scan:

• Select the Scan restore points with Veeam Threat Hunter option to use Veeam Threat Hunter.

This option is available if you configured Veeam Threat Hunter as detection engine in Signature Detection settings.

• Select the Scan restore points with your existing antivirus software to use third-party antivirus software.

This option is available if you configured third-party antivirus in the Signature Detection settings.

• Select Scan the restore point with the following YARA rule to use YARA as a scan engine.

For a YARA rule to appear in the drop-down list, it must be placed in the YaraRules folder in the Veeam Backup & Replication product folder.

2. Select which action Veeam Backup & Replication will take if scan finds a virus threat:

• Proceed with recovery but disable network adapters — if you want to restore the VM with disabled network adapters (NICs).
• Abort VM recovery — if you want to cancel the restore session.

3. Select the Scan the entire image check box if you want to continue the VM data scan after the first malware is found. For information on how to view results of the malware scan, see Viewing Antivirus Scan Results.