Where to find Security & Compliance Analyzer results in Windows Event Log?

matsusan · Post by **matsusan** » May 15, 2026 2:00 pm this post

The documentation for the Security & Compliance Analyzer states that results are written to the Windows Event Log.
(https://helpcenter.veeam.com/docs/vbr/u ... tml?ver=13)

However, I can't find these logs. I have already checked the "Veeam Backup", "Veeam Security", "Application" and "System" event log source without success.

Could you please clarify:

Which specific Event Log contains the analyzer results?

Are there any specific Event IDs for these scan results?

What information is included in the log entries (e.g., a summary or detailed results)?

Thanks,
Ryoma

Post by **david.domask** » May 15, 2026 2:15 pm this post

Hi Ryoma,

Check the VeeamBackup event log under Application and Services Logs in event viewer, it will post with Event Id 41600.

Here's an example of an event (replaced server names with generic entries):

Code: Select all

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
		<Provider Name="Veeam MP"/>
		<EventID Qualifiers="0">41600</EventID>
		<Version>0</Version>
		<Level>3</Level>
		<Task>0</Task>
		<Opcode>0</Opcode>
		<Keywords>0x80000000000000</Keywords>
		<TimeCreated SystemTime="2026-05-14T20:05:21.1823719Z"/>
		<EventRecordID>287036</EventRecordID>
		<Correlation/>
		<Execution ProcessID="3460" ThreadID="0"/>
		<Channel>Veeam Backup</Channel>
		<Computer>{BACKUP SERVER}</Computer>
		<Security/>
	</System>
- <EventData>
		<Data>05/14/2026 20:02:24</Data>
		<Data>7509ce0c-8e75-487b-8c99-19b1c6e6920d</Data>
		<Data>RansomwareExtensions</Data>
		<Data>SYSTEM</Data>
		<Data>
			<ModifiedUserInfo fullName="SYSTEM" loginType="4"/>
		</Data>
		<Data>SOME VM</Data>
		<Data>05/14/2026 20:05:21</Data>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data/>
		<Data>{BACKUP SERVER}</Data>
		<Data>13.0.1.2067</Data>
		<Data>1</Data>
		<Data>Locations of suspicious files can be found on the backup server at C:\ProgramData\Veeam\Backup\Malware_Detection_Logs\suspicious_files_26-05-14.log Potential malware activity detected: *-decrypt.txt: 1 for OIB: 7509ce0c-8e75-487b-8c99-19b1c6e6920d (SOME VM), rule: Known malware extension by user: SYSTEM.</Data>
	</EventData>
</Event>

matsusan · May 15, 2026 2:21 pm

Hi Domask,

Thank you for your prompt reply, as always.
I will check the information you provided.

Best regards,
Ryoma

matsusan · Post by **matsusan** » May 19, 2026 1:51 pm this post

Hi Domask,

I checked the event log and indeed found the event with ID 41600. Thank you!

However, I have one additional question.
The guide states:
"All scan sessions are also written by Veeam Backup & Replication to Microsoft Windows Event Log."

Based on this, is my understanding correct that an event log is generated for every scan session, even when no malware is detected?

Thanks,
Ryoma

R&D Forums

Where to find Security & Compliance Analyzer results in Windows Event Log?

Re: Where to find Security & Compliance Analyzer results in Windows Event Log?

Re: Where to find Security & Compliance Analyzer results in Windows Event Log?

Re: Where to find Security & Compliance Analyzer results in Windows Event Log?

Who is online