Hi,
we separated our backup network and some other networks to protect our servers against ransomware.
But to access the admin share for the Veeam Backup & Replication components (guesthelpertool, Backup Proxy Service, ...)
we need to open the following ports widely in the firewall:
CIFS: 445
LDAP GC: 3268
Netbios LS: 135
Netbios NS: 137
Netbios SSN: 139
Netbios DGM: 138
RPC Dynamic Port: 1024-65535
Veeam Backup Proxy Service: 6162
Veeam Installer Service: 6160
Veeam NFS RPC: 6161
Veeam NFS RPC Portmapper: 111
Veeam RPC Port 1: 2049
Veeam RPC Port 2: 1058
For example, to access the MSSQL network, only port 1433 is needed,
so ransomware can't access and encrypt any share from the other networks.
Should the backup server be infected for some reason, the backup server can access all shares
and can also infect all servers protected by Veeam.
My Feature Request:
Is it possible to install the guesthelpertools and an Update Agent manually
directly on the "Veeam protected Microsoft Windows Server" such as, for example, some antivirus manufacturer?
The installed guesthelper and an Update Agent can run as a service under the Local System account or as Local Admin.
The Update Agent can install and update the guesthelpertools, and no admin share and access is needed.
Now the ports are maybe limited to the following ports:
Veeam Update Agent
Veeam Backup Proxy Service: 6162
Veeam Installer Service: 6160
Veeam RPC Port 1: 2049
Veeam RPC Port 2: 1058
Should the backup server be infected for some reason, now only the backup servers are encrypted and the other networks are protected.
- Lurker
- Posts: 1
- Liked: never
- Joined: Mar 16, 2015 12:03 pm
- Full Name: Andreas
- VP, Product Management
- Posts: 27377
- Liked: 2802 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
Re: Feature Request: installable Guesthelper against ransomw
ak1 wrote: Is it possible to install the guesthelpertools and an Update Agent manually
directly on the "Veeam protected Microsoft Windows Server" such as, for example, some antivirus manufacturer?

No, it is not possible; however, network access to processed VMs is not required: you can fail over to the VIX engine for accessing VMs with no network connection to the backup server.
Thank you for the feature request!