Scan Backup

To scan restore points, Veeam Backup & Replication uses a rule-based detection approach or antivirus software. You can run the Scan Backup session to perform the following operations:

  • Find the last clean restore point after a recent malware attack.
  • Find the last clean restore point if the date of the malware attack is unknown.
  • Find some specific information, for example, sensitive data.

How Scan Backup Works

For Scan Backup session, malware detection works in the following way:

  1. Veeam Backup & Replication mounts disks of the machine that you plan to scan to the mount server.
  2. On the mount server, Veeam Backup & Replication runs the Veeam Mount Service to perform the following steps:
    1. Mount machine disks from backups to the mount server under the C:\VeeamFLR\<machinename> folder.
    2. Initiate a new scan session.
  1. If you search for the last clean restore point using antivirus software or YARA rule, consider the following:
    1. If a clean restore point is found, the Scan Backup session will be finished with the Success status. The malware detection event will not be created.
    2. If a clean restore point is not found, the Scan Backup session will be finished with the Failed status. The malware detection event will be created for each restore point. Objects will be marked as Infected.
  1. If you check the restore point for sensitive data using YARA rule, consider the following:
    1. If sensitive data is found, the Scan Backup session will be finished with the Failed status.
    2. If sensitive data is not found, the Scan Backup session will be finished with the Success status.

In both cases, the malware detection event will not be created.

By default, the mount server role is assigned to the backup server or a backup repository. However, you can assign the mount server role to any 64-bit Microsoft Windows machine in your backup infrastructure. For example, you may want to run the malware detection scan on a different server for security reasons. For more information about mount server deployment and requirements, see Mount Server.

Requirements and Limitations

You can run the Scan Backup session for the following backups:

  • Image-level virtual machine backups and backup copies of Microsoft Windows VMs (VMware, Hyper-V, Cloud Director, Nutanix AHV, OLVM and RHV).
  • Physical machine backups and backup copies (Microsoft Windows only).

The following entities are not supported:

  • Image-level virtual machine backups and backup copies of Linux VMs.
  • Backups stored in the Veeam Cloud Connect repository.
  • Backups stored in the archive tier of the scale-out backup repository.
  • Storage snapshots

Configuring Scan Backup Session

To run the Scan Backup session, do the following:

  1. Open the Scan Backup window by doing one of the following:
  • Open the Inventory view and select the Malware Detection node. Select the required machine and click Scan Backup on the ribbon. Alternatively, right-click the machine and select Scan backup.
  • Open the Home view and select the Backups node. Select the job and required machine, and click Scan Backup on the ribbon. Alternatively, right-click the machine and select Scan backup.
  1. Specify the scan mode you want to use:
  • Find the last clean restore point.
  • Find the last clean restore point in range.
  • Scan content of all restore points in range.
  1. Specify the scan engine you want to use:
  • To use antivirus software as a scan engine, select the Scan restore points with an antivirus engine check box. For more information, see Antivirus Scan for Scan Backup.
  • To use a YARA rule as a scan engine, select the Scan restore points with the following YARA rule check box and specify the YARA file located in the Veeam Backup & Replication product folder. For more information, see YARA Scan for Scan Backup.
  • To use scan engines simultaneously, select both check boxes.
  1. Configure the scan range. You can specify the following options:
  • Scan all restore points, from most recent restore point to the oldest one.
  • Scan restore points created during a specific time period.

If you want to continue the Scan Backup session after the first malware or the first piece of specific information is found, select the Continue scanning all remaining files after the first occurence check box.

  1. Click OK.

Scan Backup 

Page updated 5/29/2024

Page content applies to build 12.1.2.172