Malware Detection

You can use different malware detection methods to scan data of backups created by Veeam Agent for Microsoft Windows or Veeam Agent for Linux and get information about suspicious activity or infected objects.

Veeam Backup & Replication provides the following malware detection methods for Veeam Agents:

  • Guest Indexing Data Scan — based on the Veeam file detection engine — detects malware activity in the file system.
  • Inline Scan — based on the Veeam encryption detection engine — detects objects encrypted by malware (only for Veeam Agent for Microsoft Windows protected with backup job managed by Veeam backup server)
  • Signature-based scan — performed by Veeam Threat Hunter or third-party antivirus software of your choice — detects known malware signatures.

To learn more about the feature, see Malware Detection Methods and Signature Detection.

NOTE

Consider the following about malware detection in backups of Windows Server failover clusters:

  • If Veeam Backup & Replication detects malware activity on one cluster node, the backup of the whole cluster will be marked as Suspicious.
  • You can exclude only the whole cluster from the malware detection scan, you cannot exclude a single cluster node.

Related Task

Scanning Veeam Agent Backups.

Page updated 9/5/2025

Page content applies to build 13.0.0.4967