Malware Detection Methods

Veeam Backup & Replication supports the following malware detection methods:

Malware detection method	Scan objects	Notes
File system activity analysis	Guest indexing data	During the backup job, detects the following malware activity: Known suspicious files and extensions Renamed files Deleted files Marks objects as Suspicious. For more information, see Guest Indexing Data Scan.
Inline entropy analysis	Blocks in a data stream	During the backup job, detects the following malware activity: Encrypted files Onion links Ransom notes Marks objects as Suspicious. For more information, see Inline Scan.
Rule-based detection (YARA)	Restore points	During the Scan Backup session, does one of the following: Finds the last clean restore point Analyzes the content for specific information During the restore session with the Secure Restore option, detects malware activity as specified in the YARA rule. Marks objects as Infected. For more information, see Scan Backup and Secure Restore.
Antivirus scan	Restore points	During the Scan Backup session, finds the last clean restore point. During the restore session with the Secure Restore option, detects malware activity as specified in the antivirus configuration file. Marks objects as Infected. For more information, see Scan Backup and Secure Restore.
Third-party malware protection solution	Depends on the configuration of the malware protection solution	Uses Veeam Incident API to send a request about detected malware activity to Veeam Backup & Replication. Marks objects as Infected. For more information, see Veeam Backup & Replication REST API Reference.