Extra Veeam compents on a Hyper-V Host?

[nmdange]

I am working on configured some Hyper-V hosts to run Shielded VMs with TPM attestation. Part of this requires creating a Code Integrity Policy which defines which programs are allowed to run. I noticed that after capturing the binaries installed on a Hyper-V host that was added to Veeam, there are a bunch of Veeam components that don't seem to be relevant to a Hyper-V host. Is there a way for me to remove these files/components? Would anything stop working if I blocked these files from being loaded in the Code Integrity Policy? A lot of these files seem to be specific to VMWare, guest interaction proxies, or deduplication appliances. This is specifically for Hyper-V hosts that are not running any other Veeam roles.

C:\Program Files (x86)\Veeam\Backup Transport\x86\vddk_5_0\*
C:\Program Files (x86)\Veeam\Backup Transport\x86\nfs41\*
C:\Program Files (x86)\Veeam\Backup Transport\x86\ddboost\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\vix\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk_6_5_vmc\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk_6_5\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk_6_0\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\storeonce\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\nfs41\*
C:\Program Files (x86)\Veeam\Backup Transport\x64\ddboost\*
C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\*

I also noticed that after updating to update3a, VeeamTransportSvc.exe and VeeamHvIntegrationSvc.exe got flagged by the Code Integrity Policy. The policy is supposed to look at the signer of the files, so I would have thought the new versions would have the same signer and would be allowed. I'm still learning about this so it's possible the policy is not set up correctly. Has Veeam done any testing with Hyper-V hosts configured in this way? I am following this document as a guide https://docs.microsoft.com/en-us/window ... g-hardware

[foggy]

Some of the components are not relevant to Hyper-V, indeed. But those that are not relevant (i.e. VDDK) or not used are loaded on request, so will not be loaded if not needed. StoreOnce/DDBoost components might still be required for Hyper-V if corresponding repository is used. Guest interaction proxies can also be used in case of a Hyper-V environment.