Comprehensive data protection for all workloads
Post Reply
ashleyw
Service Provider
Posts: 154
Liked: 20 times
Joined: Oct 28, 2010 10:55 pm
Full Name: Ashley Watson
Contact:

reminder on AV exceptions with Veeam 9.5

Post by ashleyw » Dec 06, 2016 9:02 pm 3 people like this post

hey guys, just a heads up.

We had been battling to trace heavy CPU utilisation on our Re-FS layer (only during active full) since upgrading to 9.5 and all our infrastructure to Windows 2016 server.

Finally after much thrashing around trying to understand why the System task (NT Kernel & System) was flat lining and killing our Re-FS layer we finally realised on our previous architecture eon Server 2012R2 we had no AV installed whereas Server 2016 has AV installed by default, so a quick google took us to;
https://www.veeam.com/kb1999

Once we put in the exceptions, our system was stable through an active full backup again.
hopefully you guys won't overlook this like we did!

cheers
Ashley

Gostev
SVP, Product Management
Posts: 24940
Liked: 3622 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by Gostev » Dec 06, 2016 9:15 pm

Excellent tip, thanks for sharing Ashley!

SYSADMIT
Influencer
Posts: 13
Liked: 4 times
Joined: Apr 07, 2016 10:19 am
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by SYSADMIT » Jun 13, 2018 5:02 pm 3 people like this post

In reference to what you mention:

I have published in my blog how to uninstall Windows Defender or how to configure the exclusions following the paths and files of the Veeam KB using PowerShell:
https://www.sysadmit.com/2018/06/veeam- ... Shell.html

You can "copy-paste" the cmd-lets.

Regards!

jim3cantos
Enthusiast
Posts: 52
Liked: 10 times
Joined: Jan 08, 2013 6:14 pm
Full Name: José Ignacio Martín Jiménez
Location: Madrid, Spain
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by jim3cantos » Jun 18, 2018 8:31 am 1 person likes this post

@Gostev, I see that I can understand Italian perfectly... :lol:

Xabier, thanks for the tips!

...After executing powershell commands don't forget to include the paths for backup files in case of repositories.

pigletjuggler
Novice
Posts: 8
Liked: 1 time
Joined: Jul 25, 2017 3:44 pm
Full Name: Dan Martin
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by pigletjuggler » Jun 18, 2018 7:09 pm

I believe the link provided regarding setting MSDefender exceptions via PowerShell contains some incorrect information.

The set-mppreference -exclusionprocess is fine for the exe files, but it shouldn’t contain the *.vmdk and *.flat. If you’re trying to exclude those file types, it should be done with set-mppreference-exclusionextension.

Please correct me if I’m wrong, but bearing that in mind, it should be something like this:

Code: Select all

#Exclude VEEAM from Defender
Set-MpPreference -ExclusionExtension ".vmdk", ".flat"
Set-MpPreference -ExclusionProcess "VeeamAgent.exe", "VeeamAgent64.exe"
Set-MpPreference -ExclusionPath "C:\Program Files\Veeam", "C:\Program Files (x86)\Veeam","C:\Program Files\Common Files\Veeam","C:\Program Files (x86)\Common Files\Veeam", "C:\VBRCatalog","C:\ProgramData\Veeam\Backup\NfsDatastore","C:\VeeamFLR","C:\Windows\Veeam","C:\programdata\Veeam","C:\Windows\VeeamVssSupport","C:\Windows\VeeamLogShipper"
Don’t forget that the paths in there should reflect what the actual environment has… not the defaults. I’d also venture to guess that the temp extension should be added to the exception list as well to boost cleanup and merge processes.

SYSADMIT
Influencer
Posts: 13
Liked: 4 times
Joined: Apr 07, 2016 10:19 am
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by SYSADMIT » Jun 18, 2018 9:17 pm

Hi @pigletjuggler. It is right.

Thank you very much for the contribution, I have updated the post with the information you mention:

https://www.sysadmit.com/2018/06/veeam- ... Shell.html

By default "Windows Defender" does not scan file extensions: VMDK or FLAT, because for "Windows Defender" they are unknown extensions, however it is a good idea to exclude them as extensions as marked by the Veeam KB and not exclude them as processes.

SYSADMIT
Influencer
Posts: 13
Liked: 4 times
Joined: Apr 07, 2016 10:19 am
Contact:

Re: reminder on AV exceptions with Veeam 9.5

Post by SYSADMIT » Oct 07, 2018 10:18 am

If the computer where Veeam is installed is joined to an Active Directory domain, we can use a computer Group Policy (GPO) to set Windows Defender exclusions.

In the following link, we can find the GPO location in English and Spanish:

https://www.sysadmit.com/2018/10/veeam- ... r-gpo.html

The GPO will take effect if the operating system where the GPO is applied has at least Windows Server 2012.

Post Reply

Who is online

Users browsing this forum: No registered users and 30 guests