-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Malware Detection Settings
Folks,
Are there any of you out there that have enabled the "Inline entropy analysis"?
Is the impact on the backup times great when the "Normal" setting is used?
Any difference between VMs and physical machines?
We have a physical fileserver cluster with approx. 18 TB data and 10 million files.
An incremental backup of the cluster takes about 90 minutes without that function enabled, and around 200 to 300 GB is backed up.
I wish that this setting was a job setting, and not a global setting for all jobs. Then I could have tried it at a smaller scale...
Kind regards,
PJ
Are there any of you out there that have enabled the "Inline entropy analysis"?
Is the impact on the backup times great when the "Normal" setting is used?
Any difference between VMs and physical machines?
We have a physical fileserver cluster with approx. 18 TB data and 10 million files.
An incremental backup of the cluster takes about 90 minutes without that function enabled, and around 200 to 300 GB is backed up.
I wish that this setting was a job setting, and not a global setting for all jobs. Then I could have tried it at a smaller scale...
Kind regards,
PJ
-
- Product Manager
- Posts: 10982
- Liked: 3016 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware Detection Settings
Hi Per Jonsson
I suggest you run a test on your backup server with a test machine.
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
I suggest you run a test on your backup server with a test machine.
You can run it for a single machine. Enable inline scan and exclude all other machines except the machine you want to test:I wish that this setting was a job setting, and not a global setting for all jobs. Then I could have tried it at a smaller scale...
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Okay, thanks!
Just now I discovered that the old job setting called "Enable guest file system indexing" has been changed to "Enable guest file system indexing and malware detection". Must that function be enabled in order to get malware detection at all? If so, then I have used malware detection only on the fileserver cluster, because that is the only job that has indexing enabled...
Just now I discovered that the old job setting called "Enable guest file system indexing" has been changed to "Enable guest file system indexing and malware detection". Must that function be enabled in order to get malware detection at all? If so, then I have used malware detection only on the fileserver cluster, because that is the only job that has indexing enabled...
-
- Product Manager
- Posts: 10982
- Liked: 3016 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware Detection Settings
My understanding was, that your question was about "Inline entropy analysis".
"Inline entropy analysis" doesn't require the guest index. It reads the data blocks of the disk of your machine.
Enabling "guest file indexing" is required for malware detection method "guest index scan":
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
"Inline entropy analysis" doesn't require the guest index. It reads the data blocks of the disk of your machine.
Enabling "guest file indexing" is required for malware detection method "guest index scan":
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Yes, it was. It's just that it still is a bit confusing for me, since there are settings at three different places; The main menu, the "Malware Detection" node in the Inventory pane, and now also in the guest indexing job setting. But I will probably get the hang of it in due course. 

-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
One of the "suspicious" file extensions included in the default XML file, is used by a legitimate software that we use. In fact, there are over 3000 files that are regarded as suspicious because of this.
If I exclude that extension, then Malware Detection will ignore that filetype completely, right? So, if a malware using that extension should find its way into our environment, then Malware Detection will not detect it?
If I exclude that extension, then Malware Detection will ignore that filetype completely, right? So, if a malware using that extension should find its way into our environment, then Malware Detection will not detect it?
-
- Product Manager
- Posts: 10982
- Liked: 3016 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware Detection Settings
Yes, the guest file index scanner would ignore this file extension for all machines.
Best,
Fabian
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Right.
But if I turn on the Inline Scan, then it would probably be detected, or?
But if I turn on the Inline Scan, then it would probably be detected, or?
-
- Product Manager
- Posts: 10982
- Liked: 3016 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware Detection Settings
Inline scan does not scan for specific file extensions. Inline scan detects encrypted files, onion links or ransom notes.
Please check our user guide for the difference of guest index scan ("File system activity analysis") and inline scan ("Inline entropy analysis"): https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Please check our user guide for the difference of guest index scan ("File system activity analysis") and inline scan ("Inline entropy analysis"): https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Okay, I will do some testing to see how much the backup times increase when using Malware Detection in various jobs.
I guess that the best would be to use both Guest Indexing Scan and Inline Scan simultaneously.
Thanks!
Kind regards,
PJ
I guess that the best would be to use both Guest Indexing Scan and Inline Scan simultaneously.
Thanks!
Kind regards,
PJ
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Is the Malware Detection feature not available in NAS/Fileshare backups?
-
- Product Manager
- Posts: 10982
- Liked: 3016 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware Detection Settings
No not yet. All supported workload are documented in the user guide:
- Guest Index Scan
- Inline Scan
We have it on the roadmap.
Unfortunately I cannot share an ETA when our Malware Scan feature will be available for NAS backup jobs as well.
Best,
Fabian
- Guest Index Scan
- Inline Scan
We have it on the roadmap.
Unfortunately I cannot share an ETA when our Malware Scan feature will be available for NAS backup jobs as well.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
Okay, thanks!
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
I have tried to enable ”Guest file system indexing and malware detection” for as many VMs as possible, but I got multiple warnings saying "Failed to index guest file system. Veeam Guest Agent is not started".
Is it so that this function only works when Application Aware is used, or alternatively, when another credential than vSphere Admin is used in the backup, for example a local admin account?
Is it so that this function only works when Application Aware is used, or alternatively, when another credential than vSphere Admin is used in the backup, for example a local admin account?
-
- Veteran
- Posts: 543
- Liked: 63 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Malware Detection Settings
I never got any reply to the question above.
PJ
PJ
-
- Veeam Software
- Posts: 3037
- Liked: 701 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: Malware Detection Settings
Hi Per,
Apologies that there was a delay here; based on the error message there, my "first blush" impression is there was either an issue with deploying the indexing agent to the GuestOS being backed up or something interfered with the agent once deployed, but unfortunately hard to tell from just this.
You don't need to have the Application Aware Processing enabled to deploy the Guest Indexing agent; it _could_ be related to credentials, but I would expect that the Test Credentials test fails as well if that were the case.
I would reproduce the issue and open a Support Case with logs for the affected job. The message itself is fairly straightforward, it's just a question of "why did the agent not start?", which logs should give pretty good clues to. (Just a note, Support might also ask for logs from the GuestOS in question (System/Application Event logs if Windows, all of /var/log if Linux).
Apologies that there was a delay here; based on the error message there, my "first blush" impression is there was either an issue with deploying the indexing agent to the GuestOS being backed up or something interfered with the agent once deployed, but unfortunately hard to tell from just this.
You don't need to have the Application Aware Processing enabled to deploy the Guest Indexing agent; it _could_ be related to credentials, but I would expect that the Test Credentials test fails as well if that were the case.
I would reproduce the issue and open a Support Case with logs for the affected job. The message itself is fairly straightforward, it's just a question of "why did the agent not start?", which logs should give pretty good clues to. (Just a note, Support might also ask for logs from the GuestOS in question (System/Application Event logs if Windows, all of /var/log if Linux).
David Domask | Product Management: Principal Analyst
Who is online
Users browsing this forum: AdsBot [Google], Amazon [Bot] and 81 guests