roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Secure restore

Post by roelvdw »

Hi

We use Kaspersky EndPoint Security and Kaspersky Security for Windows Servers in our environment.
I want to test the secure restore functionality with Kaspersky Security.
Does anyone have experience with configuring the antivirus file for Veeam B&R to test secure restore?

Kind regards

Roel
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler »

Roel,

I've done a bit of digging but can't find exactly if commandline is supported for Endpoint Security. Only found something for version 10 for windows servers (https://support.kaspersky.com/11336#). So you might want to check if that avp.com exists on your servers.

If so, just adapt the XML file as seen here (https://helpcenter.veeam.com/docs/backu ... l?ver=95u4)

Mike

Re: Secure restore

Post by roelvdw »

Hi Mike

No, avp.com is not installed on the servers.
If I can install it, can you send me an antivirusinfo.xml file adjusted for this AV?

Kind regards

Roel
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Secure restore

Post by HannesK »

Hello,
I guess you have an "all in one" installation. That means avp.com needs to be installed on the Veeam Backup server.

Then I suggest that you try to scan manually on command line (how-to). Example "avp.com scan <file / folder>" and check whether everything works. The eicar test virus is an easy way to check.

After you figured out the syntax, just change the settings in the XML file from one of the existing examples in the file.

Best regards,
Hannes

Re: Secure restore

Post by roelvdw »

Hi Hannes

avp.com is only for Kaspersky EndPoint Security (clients).
For servers there is Kaspersky Security for Windows Server.
On most of my servers Kaspersky Security for Windows Servers is installed, also on the Veeam Backup Server.
I have added the commands in antivirusinfo.xml (for Kaspersky EndPoint Security & Kaspersky Security for Windows Server).
Do I have to restart services after editing the AntivirusInfo file?

Re: Secure restore

Post by HannesK »

Hello,
as far as I remember when I tested it some months ago, it is not required to restart any service. I will ask the documentation whether they can add that information.

Best regards,
Hannes

Re: Secure restore

Post by roelvdw »

Hi Hannes

I have adjusted the XML file.
But when I test Secure Restore, I get a message that malware scan is not available.

Re: Secure restore

Post by Mike Resseler »

Roel,

Without any guarantees that it will work (I can't test because I don't have Kaspersky). Could you post what you have added to the XML file? We might see something in it that is not correct.

Re: Secure restore

Post by roelvdw »

Hi

I have added the text of the XML file above

<Antiviruses>
	<AntivirusInfo Name='Symantec' IsPortableSoftware='false' ExecutableFilePath='Veeam.Backup.Antivirus.Scan.exe' CommandLineParameters='/p:%Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symcscan' ServiceName='symcscan' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS' ServiceName='KAVFS' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP' ServiceName='AVP' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Eset File Security' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET File Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='ESET Antivirus' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Windows Defender' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Windows Defender\mpcmdrun.exe' CommandLineParameters='-Scan -ScanType 3 -File %Path% -DisableRemediation -BootSectorScan' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend' ServiceName='WinDefend' ThreatExistsRegEx='Threat\s+information' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>2</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
</Antiviruses>

Re: Secure restore

Post by HannesK »

Hello,
I don't believe that it is a good idea to add the scanners twice with the same name:

<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false'
<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' 

<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true'
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false'
Trying both ways makes sense to me, but with the same name that could be an issue.

Best regards,
Hannes

Re: Secure restore

Post by roelvdw »

Hi Hannes

Kaspersky EndPoint Security & Kaspersky Security 10 for Windows Server both work from the command line.
Do I have to choose "IsPortableSoftware=true"?

Kind regards

Roel

Re: Secure restore

Post by HannesK »

Hello,
I understand, but I guess our software cannot deal with two identical names (Name=...). Just try to rename them and if you keep both options for both scanners, then something should work.

I can only guess as I don't have the software. I would just try both (as you already do).

Best regards,
Hannes

Re: Secure restore

Post by Mike Resseler »

Roel,

IsPortableSoftware is probably false. I assume it is installed, as I see entries for a service.

That said, are all of those different ones installed on the server? I see potential issues with the server version and the workstation version being installed on that server? In the end, we use the service running on the server that will execute the datalab.

Re: Secure restore

Post by roelvdw »

Hi Mike

Do you mean it could be a problem that I have entries for EndPoint and servers? The Kaspersky Security 10 for Windows Servers command line uses the kavshell.exe command. The directory is c:\program files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server, but there is also a service for Kaspersky.

What do I have to choose: isportablesoftware=false or true?
The manual says: true when the exe is available, false when there is a service.

Re: Secure restore

Post by Mike Resseler »

I am assuming you will be running the server version on the server responsible for mounting the backup? If so, use the server version. And I think that it will be a service, so isportablesoftware=false

If you make the changes, let us know how it looks then

Re: Secure restore

Post by roelvdw »

Hi Mike

I have changed the XML file.
It detects Kaspersky on the server and starts scanning, but it failed with exit code -6, unknown command.

Re: Secure restore

Post by Mike Resseler »

I just tried to find some documentation on those error codes but was not really successful. Any chance you are registered on their forums or have a support contract? That might be the quickest way to figure out what each exit code means.

Re: Secure restore

Post by roelvdw »

Hi Mike

Error code -6 means unknown command.
Some wrong argument in the command, or not the right command.

Re: Secure restore

Post by Mike Resseler »

OK. Could you post the data you have in the XML command again? Might be a little error inside. If I can't see it, we might need to create a support call.

Re: Secure restore

Post by roelvdw »

Hi, I have added this to the XML file.

<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='%Path% SCAN /FIXDRIVES /FA /AI:AUTO /AS:AUTO' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
<ExitCodes>
<ExitCode Type="Error" Description='Verkeerd commando'>-6</ExitCode>
<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
</ExitCodes>
</AntivirusInfo>

I get error -6, unknown command

I have also created a case with support last week
Case # 03408740

kind regards
MichaelCade
Veeam Software
Posts: 314
Liked: 74 times
Joined: Mar 23, 2015 11:55 am
Full Name: Michael Cade
Location: Cambridge, United Kingdom
Contact:

Re: Secure restore

Post by MichaelCade »

Thanks I will keep an eye on the support case.
Regards,

Michael Cade
Global Technologist
Veeam Software
Email: Michael.Cade@Veeam.com
Twitter: @MichaelCade1

Re: Secure restore

Post by roelvdw »

Hi Michael

I am already a step further in scanning.
The C drive scan completed, but the other part of the C drive gives error -83, which means unchecked objects found.

I also created a request on the Kaspersky forum. I'll keep you posted on what Kaspersky says about this error.

https://forum.kaspersky.com/index.php?/ ... ent-330273

Re: Secure restore

Post by roelvdw »

There was an error in the command parameters.

This is the right command:
<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='SCAN %Path% /FIXDRIVES /FA /AI:AUTO /AS:AUTO' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
<ExitCodes>
<ExitCode Type="Error" Description='Verkeerd commando'>-6</ExitCode>
<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
</ExitCodes>
</AntivirusInfo>

But I get error code -83: unchecked objects found

Re: Secure restore

Post by Mike Resseler »

Roel,

I'm guessing here... That backup that you are scanning... Any chance it has already quarantined objects in it?

Re: Secure restore

Post by roelvdw »

Hi Mike

No quarantined files found.
Only unknown objects.
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Secure restore

Post by Dima P. »

Hello Roel,

For the test purposes can you please make CommandLineParameters more lightweight?

1. I assume you don't need to use SCAN (as you would like to scan all the volumes in the backup and all the files are online anyway, right?)
2. FIXDRIVES, let's leave it
/FA /AI:AUTO /AS:AUTO
Do you have any description to share with me for these command line keys?

When you have zero command line keys specified, does it scan all the volumes from the backup? Thank you in advance!

Re: Secure restore

Post by roelvdw »

Hi Dima

This is the Kaspersky Manual
https://kaspersky.aeminiummultimedia.pt ... ide_en.pdf

1) Yes, I think I need the scan command.
2) OK, I leave the fixdrives parameter.

What do you mean with the last one?
Which command do I have to use then: only scan %path% \ fixdrives?
Other parameters are \Scancritical in place of scan, or scan \memory \shared \mycomp ...

You can find all commands in the manual.

Kind regards

Roel

Re: Secure restore

Post by Dima P. »

KAVSHELL SCAN C:\VeeamFLR\
Looks like the only key needed for CommandLineParameters is the path to the folder (it will point the scan to the predefined folder where we mount disks from the backup file). Can you please try this command line parameter? Cheers!

Re: Secure restore

Post by roelvdw »

Hi Dima

OK, I'm going to try it out tomorrow.

Re: Secure restore

Post by roelvdw »

Hi Dima

I changed the CommandLineParameters to
<'SCAN %Path% c:\VeeamFLR '>

It works.

For SureBackup, do I have to change the parameters? Or does SureBackup automatically scan the right volumes?
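
An added example, not part of the original posts and not Veeam's own tooling: a small linter for an AntivirusInfo.xml-style file that flags the problems that came up in this thread (XML that is not well-formed, two entries sharing a Name, CommandLineParameters without %Path%, IsPortableSoftware='false' with empty RegPath/ServiceName) plus an exit code mapped to two different Types, as in the Windows Defender entry quoted above. The checks are heuristics drawn from the thread, not documented Veeam validation rules, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample (not the poster's file): it mirrors the attribute layout
# of the AntivirusInfo entries quoted in this thread.
SAMPLE = r"""<Antiviruses>
  <AntivirusInfo Name='Scanner A' IsPortableSoftware='false' ExecutableFilePath='C:\AV\scan.exe' CommandLineParameters='scan /mycomp' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found'>
    <ExitCodes>
      <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
      <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
    </ExitCodes>
  </AntivirusInfo>
  <AntivirusInfo Name='Scanner A' IsPortableSoftware='true' ExecutableFilePath='C:\AV\scan.exe' CommandLineParameters='SCAN %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found'>
    <ExitCodes>
      <ExitCode Type='Error' Description='Scan completed with errors'>2</ExitCode>
      <ExitCode Type='Infected' Description='Virus threat was detected'>2</ExitCode>
    </ExitCodes>
  </AntivirusInfo>
</Antiviruses>"""


def lint(xml_text):
    """Return a list of findings for an AntivirusInfo.xml-style document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Unclosed or repeated opening tags end up here.
        return [f"not well-formed XML: {exc}"]
    findings, seen = [], defaultdict(int)
    for av in root.iter("AntivirusInfo"):
        name = av.get("Name", "")
        seen[name] += 1
        # Assumption: the scan target is passed via the literal %Path% token,
        # as in the stock entries; without it the scanner is not pointed at
        # the mounted backup.
        if "%Path%" not in av.get("CommandLineParameters", ""):
            findings.append(f"{name}: CommandLineParameters has no %Path%")
        portable = av.get("IsPortableSoftware", "").lower() == "true"
        # Heuristic from the thread: 'false' means detection via a service.
        if not portable and not (av.get("RegPath") and av.get("ServiceName")):
            findings.append(f"{name}: IsPortableSoftware='false' but no RegPath/ServiceName")
        types = defaultdict(set)
        for ec in av.iter("ExitCode"):
            types[(ec.text or "").strip()].add(ec.get("Type", "?"))
        for code, kinds in sorted(types.items()):
            if len(kinds) > 1:  # same code read as both clean/error and infected
                findings.append(f"{name}: exit code {code} mapped to {sorted(kinds)}")
    findings += [f"{n}: Name used {c} times" for n, c in seen.items() if c > 1]
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
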