-
- Service Provider
- Posts: 283
- Liked: 64 times
- Joined: Nov 17, 2014 1:48 pm
- Full Name: Florin
- Location: Switzerland
- Contact:
Malware detection and index retention
As we migrated the whole backup environment of one of our customers to new hardware, we used the chance to activate all malware features and create new full backups.
We never used guest indexing before, but had to enable it now to use "Suspicious activity detection". However, indexing data is growing rapidly and does not seem to stop consuming more space. It's populating 400GB now and grows daily. We are backing up a total of ~80TB and keep the data for 6 months on disk.
As far as i understand, suspicious acitivity detection only tracks changes between two backups. So it should be enough to only keep indexing data for the last few backups instead for the whole backup chain. Unfortunately i haven't found any setting to change index retention. We're not using enterprise manager and we do not need indexing data except for malware protection.
We never used guest indexing before, but had to enable it now to use "Suspicious activity detection". However, indexing data is growing rapidly and does not seem to stop consuming more space. It's populating 400GB now and grows daily. We are backing up a total of ~80TB and keep the data for 6 months on disk.
As far as i understand, suspicious acitivity detection only tracks changes between two backups. So it should be enough to only keep indexing data for the last few backups instead for the whole backup chain. Unfortunately i haven't found any setting to change index retention. We're not using enterprise manager and we do not need indexing data except for malware protection.
-
- Service Provider
- Posts: 283
- Liked: 64 times
- Joined: Nov 17, 2014 1:48 pm
- Full Name: Florin
- Location: Switzerland
- Contact:
Re: Malware detection and index retention
No one?
Thought that should be quite a common problem
Thought that should be quite a common problem

-
- Product Manager
- Posts: 14785
- Liked: 1721 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection and index retention
Hello Florin,
Correct. In guest file indexing analysis data from latest restore point is compared with the earliest one created for the last 24 hours ago.As far as i understand, suspicious acitivity detection only tracks changes between two backups.
You can control it with retention (index is removed together with the restore point) or via Enterprise Manager, that is correct.So it should be enough to only keep indexing data for the last few backups instead for the whole backup chain.
-
- Service Provider
- Posts: 283
- Liked: 64 times
- Joined: Nov 17, 2014 1:48 pm
- Full Name: Florin
- Location: Switzerland
- Contact:
Re: Malware detection and index retention
Thanks for your answer Dima.
I obviously don't want to lower restore point retention just to remove index data earlier. So as i understand, the only way to get around this problem is to install enterprise manager because it let's me control index retention independently from restore point retention? Is there any plan to implement an easier way to have most recent index data just for malware features, but without having to keep them for the whole lifetime of the related restore points?
I obviously don't want to lower restore point retention just to remove index data earlier. So as i understand, the only way to get around this problem is to install enterprise manager because it let's me control index retention independently from restore point retention? Is there any plan to implement an easier way to have most recent index data just for malware features, but without having to keep them for the whole lifetime of the related restore points?
-
- Product Manager
- Posts: 14785
- Liked: 1721 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection and index retention
Hello Florin,
I agree that installing Enterprise Manager just to control the index retention sounds like an overkill, however some Enterprise Manager features might look attractive to justify the installation for you? Self-service restore capabilities, restore scopes or centralized license management are good addition to the excising B&R capabilities.
I will discuss the possibility to control the index retention with RnD folks, noted as an improvement request for now! Thank you!
I agree that installing Enterprise Manager just to control the index retention sounds like an overkill, however some Enterprise Manager features might look attractive to justify the installation for you? Self-service restore capabilities, restore scopes or centralized license management are good addition to the excising B&R capabilities.
I will discuss the possibility to control the index retention with RnD folks, noted as an improvement request for now! Thank you!
-
- Service Provider
- Posts: 283
- Liked: 64 times
- Joined: Nov 17, 2014 1:48 pm
- Full Name: Florin
- Location: Switzerland
- Contact:
Re: Malware detection and index retention
Hey Dima
The need to patch it every now and then is the main reason against using EM if you don't need it
Would be very nice to have another possibility to control index retention. Thank you very much for noting a request!
The need to patch it every now and then is the main reason against using EM if you don't need it

Would be very nice to have another possibility to control index retention. Thank you very much for noting a request!
-
- Product Manager
- Posts: 10099
- Liked: 2693 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware detection and index retention
Hi Florin
I wanted to update this topic.
With v12.2 we introduced a new registry key to control the index retention. I believe it should solve your challenges in this topic.
What's new v12.2: https://www.veeam.com/veeam_backup_12_2 ... new_wn.pdf
Fabian
I wanted to update this topic.
With v12.2 we introduced a new registry key to control the index retention. I believe it should solve your challenges in this topic.
What's new v12.2: https://www.veeam.com/veeam_backup_12_2 ... new_wn.pdf
Best,Malware detection index improvements — the CPU consumption during the guest file system index
analysis has been lowered significantly to reduce the backup server load. Further, you can now reduce
the index retention period if your guest catalog storage is running out of space with the IndexRetentionDays
(DWORD) registry value under the HKLM\SOFTWARE\Veeam\Veeam Backup and Replication key on
the backup server with your preferred retention duration in day
Fabian
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 283
- Liked: 64 times
- Joined: Nov 17, 2014 1:48 pm
- Full Name: Florin
- Location: Switzerland
- Contact:
Re: Malware detection and index retention
This is amazing. I will give it a try.
Thanks!
Thanks!
-
- Service Provider
- Posts: 14
- Liked: 2 times
- Joined: Dec 19, 2018 3:44 pm
- Full Name: Brandon
- Contact:
Re: Malware detection and index retention
When Enterprise Manager is used, does this registry key take precedence over the setting in Enterprise Manager or does Enterprise Manager's setting override this registry key?
-
- Product Manager
- Posts: 14785
- Liked: 1721 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection and index retention
We've doublechecked this scenario: whenever Enterprise Manager is present it will override this key and retention wont be applied.When Enterprise Manager is used, does this registry key take precedence over the setting in Enterprise Manager or does Enterprise Manager's setting override this registry key?
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 54 guests