Hi Veeam
FYI when you are giving us the hotfixes in the .exe versions, you as vendor need to manually update the version in registry under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
This gives problems with mismatched versions and confusion. We monitor the version of VBR+EM through the registry key, and I can also see how Tanium is flagging an incorrect CVE 9.9 because the OVAL definitions are also looking at the registry for the versions of VBR.
I saw this happen the first time you released a hotfix with the .exe, and it also happened on the last hotfix you just released. In Windows the version in the GUI is correct under "Installed apps", but not in the registry.
I believe this is some limitation of Windows, where the correct version in the registry only gets updated if an MSI is used, not exe files per default, and that is why the software vendor needs to be aware of this.
I've created this script to fix all of the versions on our VBR + EM, so our security software doesn't flag them incorrectly for CVEs: https://pastebin.com/uGRRq44C
-
spiritie
- Service Provider
- Posts: 220
- Liked: 48 times
- Joined: Mar 01, 2016 10:16 am
- Full Name: Gert
- Location: Denmark
- Contact:
Re: FYI: Veeam hotfix (exe) and Windows versions
Also a side note. When installing the Veeam Console on a separate server, it also gets installed in Windows with the name "Veeam Backup & Replication".
Same goes for when installing "Veeam Backup for Microsoft 365", there you also install "Veeam Backup & Replication" but with a different version.
This has multiple times gotten flagged incorrectly in our security software and compliance monitoring, as these products obviously are not affected by the same CVEs, but still triggered false positives because of the common name used.
Do you have any plans on streamlining your naming conventions for your products, please?
Eg. Veeam console should be installed as: "Veeam Backup & Replication Console".
I believe O365 installs the "Veeam Backup & Replication" for the different Veeam explorers for restoring, maybe it should be called "Veeam Backup & Replication Explorers"?
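The two posts above describe scanners reading a product's name and version from the Uninstall registry key. The following audit is an added example, not the poster's pastebin script and not Veeam code: it lists what those scanners would see on one host and flags entries that share a display name but carry different versions. `$ExpectedVersion` and `$NamePattern` are assumptions to be filled in by the operator; no version number is taken from the thread.

```powershell
# Added example: read-only audit of Uninstall entries as a scanner would see them.
param(
    # Assumption: the build you expect after applying the hotfix (placeholder).
    [string]$ExpectedVersion = '<expected-version>',
    # Assumption: display-name filter; adjust to the products you track.
    [string]$NamePattern = 'Veeam*'
)

# 64-bit and 32-bit views of the key named in the post.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$entries = Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
    ForEach-Object {
        $name = $_.GetValue('DisplayName')
        if ($name -like $NamePattern) {
            $version = $_.GetValue('DisplayVersion')
            [pscustomobject]@{
                DisplayName     = $name
                DisplayVersion  = $version
                # WindowsInstaller = 1 marks an entry registered by an MSI.
                RegisteredByMsi = ($_.GetValue('WindowsInstaller') -eq 1)
                MatchesExpected = ($version -eq $ExpectedVersion)
                KeyName         = $_.PSChildName
            }
        }
    }

# Everything a registry-based version check would evaluate on this host.
$entries | Sort-Object DisplayName, DisplayVersion | Format-Table -AutoSize

# Same DisplayName registered with more than one version: a likely source
# of name-based false positives in vulnerability and compliance tooling.
$ambiguous = $entries | Group-Object DisplayName | Where-Object {
    @($_.Group.DisplayVersion | Sort-Object -Unique).Count -gt 1
}
foreach ($group in $ambiguous) {
    $versions = ($group.Group.DisplayVersion | Sort-Object -Unique) -join ', '
    Write-Warning "'$($group.Name)' appears with versions: $versions"
}

# Entries whose registry version differs from the expected build.
$entries | Where-Object { -not $_.MatchesExpected } |
    Select-Object DisplayName, DisplayVersion, KeyName
```

The script only reads the registry; comparing its output across the VBR server, a console-only server and a Veeam Backup for Microsoft 365 server shows which hosts a name-based rule would match.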