I was performing a large file-base restoration (forensic isolated lab)
When System Center Endpoint Protection 2012 popped up indicating it was taking care of threats found within: "C:\VeeamFLR\Volume0\...\...\"
(I won't bore you with the literal path of the mounted backup file)
SCCP 2012 "quarrantined" the false positive (they where tools for password recovery needs with are legit in the hands of the I.T. Guy and bad in the hands of the bad people)
In hidsight:
1) I should have made a backup copy of the Veeam Backup files before attempting to restore
2) I should have disabled real time scaning
3) I should have explicitly exempted the parent directory "C:\VeeamFLR\"
I ~think~ I'm okay. I had SCCP 2012 "restore" the files.
But then I realized......... the backup file......... is mounted........ read/write??????
Whiskey Tango?
Seriously?
Why Veeam?
Why mount my 1.65 TB backup file as read/write????
I assumed you would weight preserving the original backup file contents when performing a restore.
Moving forward. I will make separate isolated backup copies of the backup files that I need to restore from. Before I perform a restore. I cannot risk client device destroying the integrity of the backup vkb files when mounted.
-
- Enthusiast
- Posts: 65
- Liked: 2 times
- Joined: Mar 19, 2016 5:39 pm
- Full Name: Hari Seldon
- Contact:
-
- Product Manager
- Posts: 14726
- Liked: 1707 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: WARNING: vbk content compromised when restoring
Hi Hari.
Have you tried to modify the volume content via mounted folder? Even though you can create new items, delete or modify content inside Veeam FLR directory all these changes will be made in the local system level and wont be propagated to backup file. The block level request from a backup file is like a one way traffic - you can read anything you want but you cannot update anything inside the backup file.
Have you tried to modify the volume content via mounted folder? Even though you can create new items, delete or modify content inside Veeam FLR directory all these changes will be made in the local system level and wont be propagated to backup file. The block level request from a backup file is like a one way traffic - you can read anything you want but you cannot update anything inside the backup file.
-
- Enthusiast
- Posts: 65
- Liked: 2 times
- Joined: Mar 19, 2016 5:39 pm
- Full Name: Hari Seldon
- Contact:
Re: WARNING: vbk content compromised when restoring
So the file copy (when restoring) copies from the vbk file directly (versus the mount location)?
then the mount location is in case end user wants to search within windows itself (versus the vbk restore window)?
I am used to the term mount combined with RW or RO permissions... Veeam has the third permission
thanks
then the mount location is in case end user wants to search within windows itself (versus the vbk restore window)?
I am used to the term mount combined with RW or RO permissions... Veeam has the third permission
thanks
-
- Product Manager
- Posts: 14726
- Liked: 1707 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: WARNING: vbk content compromised when restoring
Hari,
Permissions are set to the root Veeam FLR folder. Underneath this folder you can see the folders with the disk name, I called it mount but in fact the content is represented to the operating system via special driver. Once you've selected the file for restore (or copy), driver starts to request data on a block level.
Permissions are set to the root Veeam FLR folder. Underneath this folder you can see the folders with the disk name, I called it mount but in fact the content is represented to the operating system via special driver. Once you've selected the file for restore (or copy), driver starts to request data on a block level.
Who is online
Users browsing this forum: No registered users and 26 guests