Guest Indexing Data Scan
To scan guest indexing data, Veeam Backup & Replication uses file system activity analysis. During the backup job, the following malware activity can be detected:
- Known suspicious files and extensions specified in the SuspiciousFiles.xml file. The file is located on the backup server in the Veeam Backup & Replication product folder. The path by default: C:\Program Files\Veeam\Backup and Replication\Backup\SuspiciousFiles.xml.
Note |
Do not edit the SuspiciousFiles.xml directly. If you want to customize the list of suspicious files and extensions, you can do it in the malware detection settings. For more information, see Managing List of Suspicious Files and Extensions. |
- Multiple files renamed by malware. A malware detection event will be created if the following conditions are met:
- There must be at least 200 renamed files with the same or different extensions.
- These extensions are not specified in the SuspiciousFiles.xml file.
- Multiple files deleted by malware. A malware detection event will be created if at least 25 files with specific extensions or 50% of files with specific extensions are deleted.
Supported Scenarios
Consider the following:
- You can only scan guest indexing data when backing up the following machines:
- VMware VMs including VMware Cloud Director VMs
- Hyper-V VMs
- Machines with Veeam Agent for Microsoft Windows operating in the managed by backup server mode (image-level and volume-level backup)
- Detection of "sleeping" malware is not supported by this method.
In This Section