1. what is the difference between guest indexing data scan,inline scan, scan backup and secure restore?
2.To enable guest indexing data scan, we need to enable guest file system indexing, what is the performance will be impact in guest interaction proxy and Hyper-V host?
3. Inline scanning may increase cpu and RAM usage on the backup proxy . Can you explain more about this?
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
4.Does Inline scan support refs?
5.To store ransomeware data, we need enough disk space on the backup server. how we can calculate about this
6. scan backup support antivirus scan and yara scan. what is the difference between them?
-
apolloxm
- Expert
- Posts: 111
- Liked: 11 times
- Joined: Aug 27, 2021 12:29 am
- Contact:
-
david.domask
- Veeam Software
- Posts: 2648
- Liked: 614 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: Malware Detection
Hi apolloxm,
1. Each is checking the backup data in a different way:
3. The scanning process has quite a few steps as it's analyzing data blocks as they're being processed by the backup job. Cumulatively, these steps lead to the required resources cited. This is why by default the option is disabled to allow for planning and testing.
4. Please see the User Guide here for supported file systems:
"Scanning is supported only for simple volumes and for the following file systems: NTFS, ext4, ext3, ext2."
5. See link in question 4, the sizing is listed as the requirements for the ransomware data.
6. Antivirus scan is just that -- the Scan Backup operations will use the antivirus configured here. YARA is a scanning tool with a simple language for constructing custom scan rules by the YARA engine.
I would recommend give a read through the Malware Detection section of the User Guide, as a lot of it is explained in full, and should help clarify more details on the Malware Detection features and offerings: https://helpcenter.veeam.com/docs/backu ... ml?ver=120
1. Each is checking the backup data in a different way:
- Guest Indexing Scan => Checks for known malicious extensions, unexpected large number of deletes, etc
- Inline scan => Scan the backup data as it is processed for signs of malware
- Scan Backup => Use various scanning tools (YARA, Antivirus) to scan a backup file
- Secure Restore => Scan a machine prior to restoring it to check for maliciousness in the restore point (AV Scan, YARA scan)
3. The scanning process has quite a few steps as it's analyzing data blocks as they're being processed by the backup job. Cumulatively, these steps lead to the required resources cited. This is why by default the option is disabled to allow for planning and testing.
4. Please see the User Guide here for supported file systems:
"Scanning is supported only for simple volumes and for the following file systems: NTFS, ext4, ext3, ext2."
5. See link in question 4, the sizing is listed as the requirements for the ransomware data.
6. Antivirus scan is just that -- the Scan Backup operations will use the antivirus configured here. YARA is a scanning tool with a simple language for constructing custom scan rules by the YARA engine.
I would recommend give a read through the Malware Detection section of the User Guide, as a lot of it is explained in full, and should help clarify more details on the Malware Detection features and offerings: https://helpcenter.veeam.com/docs/backu ... ml?ver=120
David Domask | Product Management: Principal Analyst
Who is online
Users browsing this forum: Bing [Bot], Google [Bot], Semrush [Bot] and 21 guests