Veeam Recovery Orchestrator 13
User Guide
Related documents
Search

How Orchestrator Performs Virus and YARA Scan

Performing Virus and YARA Scan in Cloud Plans

When running a cloud plan, Orchestrator performs virus and YARA scan in the following way:

  1. Disks of the machine that is being restored are mounted to the mount server.
  2. On the mount server, antivirus software and the configured YARA rule are triggered to scan files from the mounted disks.
  3. Orchestrator iterates through the number of restore points specified while running the plan one by one to detect a restore point with no viruses and malware.
  4. If a clean restore point is detected, Orchestrator successfully restores the machine to the selected recovery location.

If no clean restore point is detected, Orchestrator either halts the plan or restores the machine to a quarantine network depending on the configured restore point settings.

Note

If restore points of all machines included in the plan are stored in one repository, Orchestrator will process the machines one by one. This process may take a while, affecting the plan RTO.

The results of virus and YARA scan are included in the Plan Execution report.

Performing Virus and YARA Scan in Restore Plans

When running a restore plan, Orchestrator performs virus and YARA scan in the following way:

  1. Disks of a machine that is being restored are mounted to the mount server.
  2. On the mount server, antivirus software and the configured YARA rule are triggered to scan files from the mounted disks.
  3. Orchestrator iterates through the number of restore points specified while running the plan one by one to detect a restore point with no viruses and malware.
  4. If a clean restore point is detected, Orchestrator successfully restores the machine to the selected recovery location.

If no clean restore point is detected, Orchestrator either halts the plan or restores the machine to the selected recovery location without connecting it to any network, depending on the configured restore point settings.

Note

If restore points of all machines included in the plan are stored in one repository, Orchestrator will process the machines one by one. This process may take a while, affecting the plan RTO.

When testing a restore plan, Orchestrator performs virus and YARA scan in the following way:

  1. Disks of a machine that is being tested are mounted to the mount server.
  2. On the mount server, antivirus software and the configured YARA rule are triggered to scan files from the mounted disks.
  3. Orchestrator checks the most recent restore point for possible viruses and malware.
  4. If the restore point is clean, the DataLab test completes successfully and Orchestrator restores the machine to the recovery location selected when running the on-demand testing.

If the restore point is infected, the DataLab test fails and the plan acquires the TESTING HALTED state. To learn how to manage halted testing, see Halting Plan Testing.

The results of virus and YARA scan are included in DataLab Test and Malware Scan reports.

Page updated 11/25/2025

Page content applies to build 13.0.0.1005

View all results across Veeam Help Center
Back to document search