Performing YARA Scan

To perform the YARA scan during the restore session, do the following at the Secure Restore step of the restore wizard:

  1. Enable the Scan the restore point with the following YARA rule option.
  2. Place the YARA file with the .yara or .yar extension in the /var/lib/veeam/yara_rules/ directory. You can add the file through the File view in the Veeam Backup & Replication console.

For more information on how to create a YARA rule, see YARA documentation.

  1. Specify the behavior scenario if malware activity is found. For more information about available options, see the following sections:
  • VMware vSphere:
  • Microsoft Hyper-V:
  1. If you want to continue the YARA scan after the first malware is found, select the Continue scanning all remaining files after the first occurrence check box.

Note that if the YARA rule is not found, Veeam Backup & Replication will display a warning. In that case, to pass the step with secure restore settings, you can do one of the following:

Page updated 9/1/2025

Page content applies to build 13.0.0.4967