Performing YARA Scan

To perform the YARA scan during the restore session, do the following at the Secure Restore step of the restore wizard:

  1. Enable the Scan the restore point with the following YARA rule option.
  2. Specify the YARA file located in the Veeam Backup & Replication product folder. The path by default: C:\Program Files\Veeam\Backup and Replication\Backup\YaraRules. The YARA file must have the .yara or .yar extension. For more information on how to create a YARA rule, see YARA documentation.
  3. Specify the behavior scenario if malware activity is found. For more information about available options, see the following sections:
  1. If you want to continue the YARA scan after the first malware is found, select the Continue scanning all remaining files after the first occurrence (Scan the entire image – before Veeam Backup & Replication 12.1 (build 12.1.0.2131)) check box.

Note that if the YARA rule is not found, Veeam Backup & Replication will display a warning. In that case, to pass the step with secure restore settings, you can do one of the following:

  • Check if the YARA file is located in the Veeam Backup & Replication product folder, has the proper syntax and the .yara or .yar extension.
  • Clear the Scan the restore point with the following YARA rule option.
  • Use the antivirus scan. For more information, see Antivirus Scan for Secure Restore.

Page updated 3/7/2024

Page content applies to build 12.2.0.334