Comprehensive data protection for all workloads
Post Reply
dasfliege
Service Provider
Posts: 283
Liked: 64 times
Joined: Nov 17, 2014 1:48 pm
Full Name: Florin
Location: Switzerland
Contact:

Malware detection and index retention

Post by dasfliege »

As we migrated the whole backup environment of one of our customers to new hardware, we used the chance to activate all malware features and create new full backups.
We never used guest indexing before, but had to enable it now to use "Suspicious activity detection". However, indexing data is growing rapidly and does not seem to stop consuming more space. It's populating 400GB now and grows daily. We are backing up a total of ~80TB and keep the data for 6 months on disk.

As far as i understand, suspicious acitivity detection only tracks changes between two backups. So it should be enough to only keep indexing data for the last few backups instead for the whole backup chain. Unfortunately i haven't found any setting to change index retention. We're not using enterprise manager and we do not need indexing data except for malware protection.
dasfliege
Service Provider
Posts: 283
Liked: 64 times
Joined: Nov 17, 2014 1:48 pm
Full Name: Florin
Location: Switzerland
Contact:

Re: Malware detection and index retention

Post by dasfliege »

No one?
Thought that should be quite a common problem :-)
Dima P.
Product Manager
Posts: 14785
Liked: 1721 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Malware detection and index retention

Post by Dima P. »

Hello Florin,
As far as i understand, suspicious acitivity detection only tracks changes between two backups.
Correct. In guest file indexing analysis data from latest restore point is compared with the earliest one created for the last 24 hours ago.
So it should be enough to only keep indexing data for the last few backups instead for the whole backup chain.
You can control it with retention (index is removed together with the restore point) or via Enterprise Manager, that is correct.
dasfliege
Service Provider
Posts: 283
Liked: 64 times
Joined: Nov 17, 2014 1:48 pm
Full Name: Florin
Location: Switzerland
Contact:

Re: Malware detection and index retention

Post by dasfliege »

Thanks for your answer Dima.

I obviously don't want to lower restore point retention just to remove index data earlier. So as i understand, the only way to get around this problem is to install enterprise manager because it let's me control index retention independently from restore point retention? Is there any plan to implement an easier way to have most recent index data just for malware features, but without having to keep them for the whole lifetime of the related restore points?
Dima P.
Product Manager
Posts: 14785
Liked: 1721 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Malware detection and index retention

Post by Dima P. » 2 people like this post

Hello Florin,

I agree that installing Enterprise Manager just to control the index retention sounds like an overkill, however some Enterprise Manager features might look attractive to justify the installation for you? Self-service restore capabilities, restore scopes or centralized license management are good addition to the excising B&R capabilities.

I will discuss the possibility to control the index retention with RnD folks, noted as an improvement request for now! Thank you!
dasfliege
Service Provider
Posts: 283
Liked: 64 times
Joined: Nov 17, 2014 1:48 pm
Full Name: Florin
Location: Switzerland
Contact:

Re: Malware detection and index retention

Post by dasfliege » 1 person likes this post

Hey Dima

The need to patch it every now and then is the main reason against using EM if you don't need it ;-)
Would be very nice to have another possibility to control index retention. Thank you very much for noting a request!
Mildur
Product Manager
Posts: 10099
Liked: 2693 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Malware detection and index retention

Post by Mildur » 1 person likes this post

Hi Florin

I wanted to update this topic.
With v12.2 we introduced a new registry key to control the index retention. I believe it should solve your challenges in this topic.

What's new v12.2: https://www.veeam.com/veeam_backup_12_2 ... new_wn.pdf
Malware detection index improvements — the CPU consumption during the guest file system index
analysis has been lowered significantly to reduce the backup server load. Further, you can now reduce
the index retention period if your guest catalog storage is running out of space with the IndexRetentionDays
(DWORD) registry value
under the HKLM\SOFTWARE\Veeam\Veeam Backup and Replication key on
the backup server with your preferred retention duration in day
Best,
Fabian
Product Management Analyst @ Veeam Software
dasfliege
Service Provider
Posts: 283
Liked: 64 times
Joined: Nov 17, 2014 1:48 pm
Full Name: Florin
Location: Switzerland
Contact:

Re: Malware detection and index retention

Post by dasfliege » 1 person likes this post

This is amazing. I will give it a try.
Thanks!
Nodnarb
Service Provider
Posts: 14
Liked: 2 times
Joined: Dec 19, 2018 3:44 pm
Full Name: Brandon
Contact:

Re: Malware detection and index retention

Post by Nodnarb »

When Enterprise Manager is used, does this registry key take precedence over the setting in Enterprise Manager or does Enterprise Manager's setting override this registry key?
Dima P.
Product Manager
Posts: 14785
Liked: 1721 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Malware detection and index retention

Post by Dima P. » 1 person likes this post

When Enterprise Manager is used, does this registry key take precedence over the setting in Enterprise Manager or does Enterprise Manager's setting override this registry key?
We've doublechecked this scenario: whenever Enterprise Manager is present it will override this key and retention wont be applied.
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 54 guests