Malware Scan

Before you run a restore or cloud plan to recover a machine to the production environment, Orchestrator allows you to scan the protected machine for possible malware without running the plan. You can also perform the scan when testing a restore plan in a DataLab.

You can instruct Orchestrator to do the following:

Check if any of restore points are marked as Suspicious or Infected. For more information, see the Veeam Backup & Replication User Guide, section How Malware Detection Works.
[Applies only to restore and cloud plans] Scan restore points with antivirus software. For more information, see How Orchestrator Performs Virus Scan.
[Applies only to restore and cloud plans] Perform YARA scan. For more information, see Managing YARA Rules.

Requirements and Limitations for Malware Scan

To allow Orchestrator to perform malware scan, the following prerequisites must be met:

Virus and YARA scan is supported for restore and cloud plans. However, machines recovered to a Hyper-V environment can be scanned with antivirus software and YARA rules only when running a malware scan, which means that the scan cannot be performed during a DataLab test or plan execution.
Only .YAR and .YARA files are supported.
The Veeam Backup & Replication server that manages the process of recovering machines to Microsoft Azure must run version 13 or later.
Antivirus software must be installed on the mount server and support the command line interface (CLI). For the list of supported antivirus software, see the Veeam Backup & Replication User Guide, section Antivirus XML Configuration File.

For Linux-based machines protected by a Windows-based Veeam Backup & Replication server, antivirus and YARA scans are supported only if you specify a Linux-based server as the default mount backup server in Veeam Backup & Replication.

For more information on how to configure the default mount server, see the Veeam Backup & Replication User Guide, section Mount Servers.