Veeam Endpoint Backup and Truecrypt

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Wondering » Tue Mar 29, 2016 2:40 pm

I've tried the workaround and it worked with the initial backup, but fails with the incremental backups (Error: Shared memory connection was closed. Failed to upload disk. Agent failed to process method {DataTransfer.SyncDisk}). Whatever this error means I don't think it's worth analyzing it because the main problem is the first issue. It also feels wrong having to use a shared folder for backups just because the backup software doesn't see a mounted drive.

Dima, could you please manually create a support case for that? I'm sure this isn't related to my system, so there's no need to send system data in a blackbox. You shouldn't request getting information from users systems without them knowing what's inside anyway. At least show the collected information before sending it.

The TrueCrypt drive (not container!) is mounted via "Select Device" > "Mount". So nothing special here.
Wondering
 

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Dima P. » Mon Apr 04, 2016 11:18 pm

Hi Wondering,

I am sorry but I can’t - support cases can be opened only via VEB’s Control Panel. I wanted to ask our QA to look into your particular issue, but generally, we do not support TrueCrypt solution as a source and as a target (moreover, it looks like it’s no longer supported by its vendor).

Instead, we have a complete compatibility with MS BitLocker. It can be used as a backup destination, as a source for backup and is fully restorable. Thanks.
Dima P.
Veeam Software
 
Posts: 6762
Liked: 483 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Wondering » Tue Apr 05, 2016 12:01 am

It's probably the wrong place to discuss whether to use Bitlocker or TrueCrypt, so I'm skipping my comment on this.

Instead I'd like to point out that a mounted TrueCrypt container or partition is treated as a normal drive in Windows. In all these years I have never ever come across a software that didn't see the mounted drive (including many different backup software products). Veeam is the very first one and this actually makes me wonder. There is absolutely no technical reason for not being able to write to that drive (it's just a normal Windows drive/folder!). The only reason I see is that the drive is hidden/blocked on purpose by Veeam. I consider this problematic in terms of trustworthiness. Why would you block TrueCrypt on purpose while at the same time advertising BitLocker? This is something to think about for a minute.

Three weeks ago I've been at a fair where I had a nice chat with your team at your exhibition booth there. I'm actually in the process of pushing your server backup solutions for consideration in our company. This topic here however is for my private use (also a result of that chat). The very first contact with your product results in a technical problem (not good, but acceptable if it can be resolved). However, trying to find a solution for this leads to the first trust-problem where you require private system data to be sent in a blackbox to you to file an issue report, and a second trust-problem where you assumingly on purpose disallow TrueCrypt use.

I'm afraid, but one of the most important things for a company that deals with user data is trust. Users need to trust you to get your hands on their data. My first experience with your software shows everything but trustability. This is really a pity as it's in contrast to my reasons for using your software in our company. I'm afraid but I'm going to have to withdraw or at least freeze my recommendation for using your software.
Wondering
 

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Dima P. » Tue Apr 05, 2016 6:31 pm

Wondering,
it's just a normal Windows drive/folder!

TrueCrypt software mounts encrypted container to the OS - that’s true. However, it does not make this container a usual volume/folder since the mount process is controlled by TrueCrypt software (or I am missing something?)
Why would you block TrueCrypt on purpose while at the same time advertising BitLocker?

We never blocked USB devices of any kind. I bet the flash drive you used to store a TrueCrypt container is visible in the VEB job’s destination step. Regarding the mount issues or the error you posted while backing up to encrypted container, I’ve asked you for the logs and the support case in my first post to start the investigation.
second trust-problem where you assumingly on purpose disallow TrueCrypt use

This thread contains several reports from other community members are successfully using TrueCrypt files as a source or as a destination.
require private system data to be sent in a blackbox to you to file an issue report

You can check the debug logs (C:\ProgramData\Veeam) on your own to make sure they don’t contain personal information of any kind. If you are uncomfortable with sending the very same folder to support team via VEB’s UI, share it with me via any available could hosting (dropbox/google drive or any other works) - I am here to help.
one of the most important things for a company that deals with user data is trust.

While I strongly agree with you on this one, I am still quite surprised that you do trust to the software which support was dropped by it’s own vendor two years ago.
Dima P.
Veeam Software
 
Posts: 6762
Liked: 483 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Wondering » Tue Apr 05, 2016 10:16 pm

Dima P. wrote:I am still quite surprised that you do trust to the software which support was dropped by it’s own vendor two years ago.

Frankly, I don't understand why you continue to pick on TC. This topic isn't about whether to use TC or not. I could write a long text about why your recommendation to use Bitlocker is highly unreasonable and why TrueCrypt is the only secure solution to use today. But this isn't my goal here and it wouldn't change anything about the problem. But if you insist, let me answer briefly: TC is Open Source with several intense code reviews. I too had a look through the code to get my own picture about a couple of things. Mind, if I have a look at your source code, too? ;)

Dima P. wrote:We never blocked USB devices of any kind.

This statement doesn't have anything to do with the my question, because a mounted TC container is not a USB device.

Dima P. wrote:I bet the flash drive you used to store a TrueCrypt container is visible in the VEB job’s destination step.

This also has nothing to do with my problem. Please read my postings again. I'm not mounting a flash drive nor am I mounting a TC container.

Dima P. wrote:I’ve asked you for the logs and the support case in my first post to start the investigation. […]If you are uncomfortable with sending the very same folder to support team via VEB’s UI, share it with me via any available could hosting (dropbox/google drive or any other works) - I am here to help.

You’re turning the situation upside down: The logs are not relevant for this situation. I wanted to submit a technical issue ticket without sending any logs. Now you’re suggesting to send you the logs without submitting a ticket. :?

Dima P. wrote:This thread contains several reports from other community members are successfully using TrueCrypt files as a source or as a destination.

Please show me those postings. I only read several messages saying it’s not possible to backup to a TC target.
But again: Nobody is requesting you to create special TC functionality or compatibility. The request is simply to backup to any folder that is accessible in Windows, like all other applications do as well.
Wondering
 

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Jan1 » Wed Apr 06, 2016 4:31 am

Hi,

I am an enthusiast TC. But as I remember TC has some vulnerabilities (even escalate permissions).
Most reasonable is use Veracrypt. But I am not expert in encryption and software security. I use TC but I think to migrate to VC.
I hope some day VEB will support external drivers as a source of backup. In TC you can mount container as USB drive I hope it will help.

BTW
Some time ago I discovered:

If you want to put backup TO TrueCrypt volume you have to create in TC volume directory and share it (in permission you have to add SYSTEM) in VEB you have to choose as a destination network location and set shared folder from TC volume.

Jan
Jan1
Influencer
 
Posts: 17
Liked: 2 times
Joined: Mon Dec 29, 2014 7:15 pm

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Dima P. » Fri Apr 08, 2016 3:12 pm 1 person likes this post

Thanks Jan!

We had a conversation with our DEVs regarding this thread. On a local storage destination step, we allow to pick a volume that is physically presented to the operating system (so, it would work with a regular volume residing the hard disk or removable storage only).

First possible workaround is, indeed, to use a shared folder destination and point the backup job to the container of any kind via administrative share. Another option for the local storage destination step is to use symlink. Mount the TrueCrypt container as a regular folder underneath a volume that resides physical disk, and then choose this folder, as a backup destination and it should do the trick.
Dima P.
Veeam Software
 
Posts: 6762
Liked: 483 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Michel83 » Tue Mar 21, 2017 9:34 am

Any news to that case? I have a mounted VeraCrypt file as drive "V:" and can't see this drive in Veeam. Is there any workaround?
Michel83
Lurker
 
Posts: 1
Liked: never
Joined: Tue Mar 21, 2017 9:15 am
Full Name: Michel

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Dima P. » Tue Mar 21, 2017 2:46 pm

Hi Michel83,

use a shared folder destination and point the backup job to the container of any kind via administrative share. Another option for the local storage destination step is to use symlink

Does that work in your case with VeraCrypt? Thanks.
Dima P.
Veeam Software
 
Posts: 6762
Liked: 483 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

[MERGED] Backup a VeraCrypt encrypted PC

Veeam Logoby mensa » Thu Nov 02, 2017 3:17 pm

Hello,

I am interested in backing up an encrypted PC (Encrypted System Partition by VeraCrypt).
So for backup the PC must be turned on (bott password entered) and the data is encrypted at runtime, that Windows can be loaded. I am wondering about the backup now.
If anyone steals the backup files, would the one be able to restore and run that backup on any other PC?
I think one should could get only until that point, where you have to enter the boot password.

But what's about extracting files from the Veeam backup files? Is that possible?
I think because the backed up data was not encrypted at the time of backup (system booted into Windows), maybe the whole backup is not encrypted by VeraCrypt and files can be extraced easily. What do you think?
mensa
Influencer
 
Posts: 16
Liked: never
Joined: Thu Nov 02, 2017 3:10 pm

[MERGED Backup a VeraCrypt encrypted PC

Veeam Logoby vClintWyckoff » Mon Nov 06, 2017 3:36 am

Mensa-
Check this thread out.
vClintWyckoff
Expert
 
Posts: 500
Liked: 109 times
Joined: Sat Oct 27, 2012 1:22 am
Location: Technical Evangelist
Full Name: Clint Wyckoff

Re: Veeam Endpoint Backup and Truecrypt

Veeam Logoby Dima P. » Tue Nov 07, 2017 10:24 pm

So for backup the PC must be turned on (bott password entered) and the data is encrypted at runtime, that Windows can be loaded. I am wondering about the backup now.
If anyone steals the backup files, would the one be able to restore and run that backup on any other PC?

If the volume is unlocked Veeam Agent backs it up as a regular non-encrypted partition.
But what's about extracting files from the Veeam backup files? Is that possible?

Only by performing a recovery.
I think because the backed up data was not encrypted at the time of backup (system booted into Windows), maybe the whole backup is not encrypted by VeraCrypt and files can be extraced easily. What do you think?

Correct. If you want to keep your backup file protected it's highly enable backup files encryption (it's available in all versions including free edition)
Dima P.
Veeam Software
 
Posts: 6762
Liked: 483 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Previous

Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 1 guest