Step 9. Specify Secure Restore Settings

At the Secure Restore step of the wizard, you can instruct Veeam Backup & Replication to scan machine data for malware activity before restoring the machine to the production environment. To scan the data, Veeam Backup & Replication uses the following engines:

• Veeam Threat Hunter — a signature-based scan engine. For more information, see Veeam Threat Hunter for Secure Restore.
• Third-party antivirus software. For more information, see Antivirus Scan for Secure Restore.
• YARA — a rule-based scan engine. For more information, see YARA Scan for Secure Restore.

To specify secure restore settings, do the following:

1. Select the method you want to use for data scan:

• Select the Scan restore points with Veeam Threat Hunter option to use Veeam Threat Hunter.

This option is available if you configured Veeam Threat Hunter as detection engine in Signature Detection settings.

• Select the Scan restore points with your existing antivirus software to use third-party antivirus software.

This option is available if you configured third-party antivirus in the Signature Detection settings.

• Select Scan the restore point with the following YARA rule to use YARA as a scan engine.

For a YARA rule to appear in the drop-down list, it must be placed in the YaraRules folder in the Veeam Backup & Replication product folder.

2. Select which action Veeam Backup & Replication will take if scan finds a virus threat:

• Proceed with recovery but disable network adapters. Select this action if you want to restore the vApp VMs with disabled network adapters (NICs).
• Abort VM recovery. Select this action if you want to cancel the restore session.

3. Select the Scan the entire image check box if you want to continue the vApp data scan after the first malware is found. For information on how to view results of the malware scan, see Viewing Antivirus Scan Results.