Comprehensive data protection for all workloads
ak1
Lurker
Posts: 1
Liked: never
Joined: Mar 16, 2015 12:03 pm
Full Name: Andreas

Feature Request: installable Guesthelper against ransomware

Post by ak1 »

Hi,

We separated our backup network and some other networks to protect our servers against ransomware.
But to access the admin share for the Veeam Backup & Replication components (guesthelpertool, Backup Proxy Service, ...)
we need to open the following ports widely in the firewall:

CIFS: 445
LDAP GC: 3268
Netbios LS: 135
Netbios NS: 137
Netbios SSN: 139
Netbios DGM: 138
RPC Dynamic Port: 1024-65535
Veeam Backup Proxy Service: 6162
Veeam Installer Service: 6160
Veeam NFS RPC: 6161
Veeam NFS RPC Portmapper: 111
Veeam RPC Port 1: 2049
Veeam RPC Port 2: 1058

For example, to access the MSSQL network, only port 1433 is needed,
so ransomware can't access and encrypt any share from the other networks.

Should the backup server be infected for some reason, the backup server can access all shares
and can also infect all servers protected by Veeam.


My Feature Request:

Is it possible to install the guesthelpertools and an Update Agent manually
directly on the "Veeam protected Microsoft Windows Server" such as, for example, some antivirus manufacturer?

The installed guesthelper and an Update Agent can run as a service under the Local System account or as local admin.
The Update Agent can install and update the guesthelpertools, and no admin share or access is needed.

Now the ports could maybe be limited to the following ports:

Veeam Update Agent
Veeam Backup Proxy Service: 6162
Veeam Installer Service: 6160
Veeam RPC Port 1: 2049
Veeam RPC Port 2: 1058

Should the backup server be infected for some reason, now only the backup servers are encrypted and the other networks are protected.
Vitaliy S.
VP, Product Management
Posts: 27114
Liked: 2720 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Feature Request: installable Guesthelper against ransomw

Post by Vitaliy S. »

ak1 wrote: Is it possible to install the guesthelpertools and an Update Agent manually
directly on the "Veeam protected Microsoft Windows Server" such as, for example, some antivirus manufacturer?

No, it is not possible. However, network access to processed VMs is not required: you can fail over to the VIX engine for accessing VMs with no network connection to the backup server.

Thank you for the feature request!
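
The two port lists from the first post, compared as firewall exposure. This is an added example, not part of either post and not Veeam code; it assumes TCP and UDP share one port space (the post does not split them) and leaves out the requested "Veeam Update Agent" because the post gives it no port.

```python
# Added example. Port lists copied from the first post; labels are the poster's.
# Assumption: TCP and UDP are treated as one port space.
CURRENT = {
    "CIFS": "445", "LDAP GC": "3268", "Netbios LS": "135", "Netbios NS": "137",
    "Netbios SSN": "139", "Netbios DGM": "138", "RPC Dynamic Port": "1024-65535",
    "Veeam Backup Proxy Service": "6162", "Veeam Installer Service": "6160",
    "Veeam NFS RPC": "6161", "Veeam NFS RPC Portmapper": "111",
    "Veeam RPC Port 1": "2049", "Veeam RPC Port 2": "1058",
}
# The proposed list; "Veeam Update Agent" has no port in the post, so it is omitted.
PROPOSED = {k: CURRENT[k] for k in (
    "Veeam Backup Proxy Service", "Veeam Installer Service",
    "Veeam RPC Port 1", "Veeam RPC Port 2")}

def parse(spec):
    """'445' -> (445, 445); '1024-65535' -> (1024, 65535)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def merge(rules):
    """Collapse overlapping or adjacent port ranges into a minimal sorted list."""
    merged = []
    for lo, hi in sorted(parse(s) for s in rules.values()):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(r) for r in merged]

def open_ports(rules):
    """Number of distinct ports the rule list leaves open."""
    return sum(hi - lo + 1 for lo, hi in merge(rules))

def shadowed(rules):
    """Named entries that a wider entry in the same list already covers."""
    return sorted(
        name for name, spec in rules.items()
        if any(n != name and parse(s)[0] <= parse(spec)[0]
               and parse(spec)[1] <= parse(s)[1] for n, s in rules.items()))

def reachable(rules, port):
    """True if the rule list leaves this port open."""
    return any(lo <= port <= hi for lo, hi in merge(rules))

if __name__ == "__main__":
    for label, rules in (("current", CURRENT), ("proposed", PROPOSED)):
        print(label, open_ports(rules), merge(rules), "445 open:", reachable(rules, 445))
    print("already covered by the dynamic RPC range:", shadowed(CURRENT))
```

The dynamic RPC range already covers six of the named entries in the first list, so the exposure there is set by that one range rather than by the individual service ports.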