Host-based backup of Microsoft Hyper-V VMs.
Post Reply
outtatime
Lurker
Posts: 1
Liked: never
Joined: Mar 28, 2022 3:03 pm

Veeamagent.exe in x86 not showing P20220302 after update

Post by outtatime »

Veeam patches were deployed from the main VBR system to all repositories successful and console shows patch version to be P20220302 for all distributions with no errors.

Security team runs regular security scans and this is detecting that the file here C:\Program Files (x86)\Veeam\Backup Transport\\x86\VeeamAgent.exe is still at version P20211211.In checking that file it indeed does not show the updated version and is at P20211211, but almost every other file was updated including the veeamagent.exe in the non x86 directory. Verified again in Veeam console that all distribution points show to be properly updated to latest patch. Do not want to do anything outside of the normal push update on this file as the process should work and seems like this would not be advised.

Is anyone else seeing this? Is there an additional action to update this specific file? Or can we inform our Information security office that this is expected behavior and the scan result can be considered a false positive?
Gostev
Chief Product Officer
Posts: 31804
Liked: 7298 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by Gostev » 3 people like this post

Correct. Patches obviously don't update every single file, but only those that actually required changes. The data mover in particular did not require any changes in P20220302 as it did not contain any vulnerabilities. As a rule of thumb, as long as the About dialog shows the correct patch level after the build number, and you don't see any backup infrastructure components marked as Out of Date in the backup console, then you're good.
robvh
Novice
Posts: 4
Liked: never
Joined: Apr 12, 2022 11:15 am
Full Name: R. van Halteren
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by robvh »

I can understand that these components may not be vulnerable, however why was the version of these files on the Backup and Replication Server itself updated?
Our vuln. scanner checks (among other things) for the filedate of 'C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe', and that has not been updated on the VM hosts
On the veaam server it has been updated. Also the files on the veaam server internally have 11.0a-CP4-20220302 as internal fileversion, where the vmhosts have 11.0a-CP3-20211211.
Even when removing and redeploy they still have the CP3 version
veremin
Product Manager
Posts: 20400
Liked: 2298 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by veremin »

Not sure what exact files and what exact location (VMhosts, for instance) you're referring to, but as mentioned above it's normal to see just a bunch of files updated. What does your About dialog show? And do you have any outdated components shown in backup console? Thanks!
robvh
Novice
Posts: 4
Liked: never
Joined: Apr 12, 2022 11:15 am
Full Name: R. van Halteren
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by robvh »

Sorry for the late response
I'm talking about hyper-v hosts.
They only have a few services, so there is no gui or about box.
After upgrading the Veaam backup server it also says it updates the hyper-v hosts, however their version (from the files as that's the only option) still shows the old build number
veremin
Product Manager
Posts: 20400
Liked: 2298 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by veremin »

As long as you don't see any outdated components or failed jobs in the backup server console, I think you should be all good. However, if you want to get additional assurance, you can reach our support team and let them confirm that update process has gone smoothly. Thanks!
johannesk
Expert
Posts: 159
Liked: 37 times
Joined: Jan 19, 2016 1:28 pm
Full Name: Jóhannes Karl Karlsson
Contact:

[MERGED]Vulnerability reported even after P20220302

Post by johannesk »

Hi,

We installed the P20220302 asap when it got out. In the process the proxy servers got the update from VBR.

Our vulnerability scanner reports one of the proxy server to have the vulnerability like this.

C:\Program Files (x86)\Veeam\Backup Transport\\x86\VeeamAgent.exe Version is 11.0.1.1261
Current file modified date: {day=11, year=2021, minute=35, month=12, hour=2, second=16}
File modified date for C:\Program Files (x86)\Veeam\Backup Transport\\x86\VeeamAgent.exe should be (YYYY-MM-DD HH:MM:SS): 2022-3-1 0:0:0 or higher

I removed all the veeam components from the proxy server and made the wizard in VBR install them again. Still the vulnerability scanner reports this.

Is there a newer version of VeeamAgent.exe that we should be running? or is this a false positive in the vulnerability scanner.

Regards,
Jóhannes
Mildur
Product Manager
Posts: 9847
Liked: 2606 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Veeamagent.exe in x86 not showing P20220302 after update

Post by Mildur » 1 person likes this post

Hi Johannes

Please see the answer from my colleagues.
The Patch doesn't update all components to the new Patch Level.
VeeamAgent.exe was not affected, so it's still on the older patch level.
Product Management Analyst @ Veeam Software
Post Reply

Who is online

Users browsing this forum: No registered users and 21 guests