Comprehensive data protection for all workloads
roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Secure restore

Post by roelvdw » Feb 05, 2019 8:20 pm

Hi

We use in our environment Kaspersky EndPoint Security and Kaspersky Security for Windows Servers.
I wanna test secure restore functionality with Kaspersky Security .
Does anyone have experience with Configuring the antivirus file for Veeam B&R to test secure restore ?

Kind regards

Roel

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 06, 2019 6:34 am

Roel,

I've done a bit of digging but can't find exactly if commandline is supported for Endpoint Security. Only found something for version 10 for windows servers (https://support.kaspersky.com/11336#). So you might want to check if that avp.com exists on your servers.

If so, just adapt the XML file as seen here (https://helpcenter.veeam.com/docs/backu ... l?ver=95u4)

Mike

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 06, 2019 9:10 am

Hi Mike

No avp.com is not installed on Servers.
If i can install it > can you send me antivirusinfo.xml file adjusted for this AV

Kind regards

Roel

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Secure restore

Post by HannesK » Feb 06, 2019 4:06 pm

Hello,
I guess you have a "all in one" installation. That means avp.com needs to be installed on the Veeam Backup server.

Then I suggest that you try to scan manually on command line (how-to). Example "avp.com scan <file / folder>" and check whether everything works. The eicar test virus is an easy way to check.

After you figured out the syntax, just change the settings in the XML file from one of the existing examples in the file.

Best regards,
Hannes

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 06, 2019 5:30 pm

Hi Hannes

avp.com is only Kaspersky EndPoint Security (clients) .
For servers > Kaspersky Security for Windows Server .
On most of my servers Kaspersky Security for Windows Servers is installed also on Veeam Backup Server.
I have added the commands in antivirusinfo.xml (for Kaspersky EndPoint Security & Kaspersky Security for Windows Server .
Do i have to restart services after editing Antivirusinfo file ?

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Secure restore

Post by HannesK » Feb 07, 2019 8:37 am

Hello,
as far as I remember when I tested it some months ago, it is not required to restart any service. I will ask the documentation whether they can add that information.

Best regards,
Hannes

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 09, 2019 2:32 pm

Hi Hannes

I have adjusted the XML file .
But when i test secore Restore > i get message that malware scan is not available

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 11, 2019 6:23 am

Roel,

Without any guarantees that it will work (I can't test because I don't have Kaspersky). Could you post what you have added to the XML file? We might see something in it that is not correct.

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 12, 2019 1:58 pm

Hi

I haved added the text of xml file above

Code: Select all

<Antiviruses>
	<AntivirusInfo Name='Symantec' IsPortableSoftware='false' ExecutableFilePath='Veeam.Backup.Antivirus.Scan.exe' CommandLineParameters='/p:%Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symcscan' ServiceName='symcscan' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS' ServiceName='KAVFS' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP' ServiceName='AVP' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Eset File Security' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET File Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='ESET Antivirus' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Windows Defender' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Windows Defender\mpcmdrun.exe' CommandLineParameters='-Scan -ScanType 3 -File %Path% -DisableRemediation -BootSectorScan' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend' ServiceName='WinDefend' ThreatExistsRegEx='Threat\s+information' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>2</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
</Antiviruses>

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Secure restore

Post by HannesK » Feb 12, 2019 2:11 pm

Hello,
I don't believe that it is a good idea to add the scanners twice with the same name

Code: Select all

<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false'
<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' 

Code: Select all

<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true'
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false'
trying both ways makes sense to me, but with the same name that could be an issue.

Best regards,
Hannes

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 12, 2019 3:19 pm

Hi Hannes

Kaspersky EndPoint Security & Kaspersky Security 10 for Windows Server works both from command line.
Do i have choose for "IsPortableSoftware=true" ?

Kind regards

Roel

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Secure restore

Post by HannesK » Feb 12, 2019 3:27 pm

Hello,
I understand, but I guess our software cannot deal with two identical names (Name=...). Just try to rename them and if you keep both options for both scanners, then something should work.

I can only guess as I don't have the software. I would just try both (as you already do).

Best regards,
Hannes

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 12, 2019 7:27 pm

Roel,

IsPortableSoftware is probably false. I assume it is installed, as I see entries for a service.

That said, are all of those different ones installed on the server? I see potential issues with the server version and the workstation version being installed on that server? In the end, we use the service running on the server that will execute the datalab.

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 12, 2019 8:16 pm

Hi Mike

Do you mean it could be a problem that i have entry for EndPoint and servers ? Kaspersky Security 10 for Windows Servers command line is with kavshell.exe command. Directory is c:\program files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server. but there is also a service for Kaspersky .

What do i have to choose > isportablesoftware=false or true.
The Manuel says > true when exe is available. False when there is service

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 12, 2019 8:21 pm

I am assuming you will be running the server version on the server responsible for mounting the backup? If so, use the server version. And I think, that it will be a service so isportablesofware=false

If you make the changes, let us know how it looks then

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 15, 2019 4:34 pm

Hi Mike

I have changed thé XML file.
It detects Kaspersky on server and start scanning but it failed with exitcode -6 unknown command

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 18, 2019 6:51 am

I just tried to find some documentation on those error codes but not really successful. Any change you are registered on their forums or have a support contract? That might be the quickest way to figure out what each exit code means.

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 18, 2019 5:11 pm

Hi Mike

Error code -6 means unknown command.
Some wrong argument in command or not Wright command

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 19, 2019 7:10 am

OK. Could you post the data you have in the XML command again? Might be a little error inside. If I can't see it, we might need to create support call.

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 19, 2019 10:15 am

Hi I haved added this to XML file.

<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='%Path% SCAN /FIXDRIVES /FA /AI:AUTO /AS:AUTO' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
<ExitCodes>
<ExitCode Type="Error" Description='Verkeerd commando'>-6</ExitCode>
<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
</ExitCodes>
</AntivirusInfo>

i get error -6 unknown command

I have also created a case with support last week
Case # 03408740

kind regards

MichaelCade
Veeam Software
Posts: 261
Liked: 49 times
Joined: Mar 23, 2015 11:55 am
Full Name: Michael Cade
Location: Cambridge, United Kingdom
Contact:

Re: Secure restore

Post by MichaelCade » Feb 19, 2019 10:39 am

Thanks I will keep an eye on the support case.
Regards,

Michael Cade
Global Technologist
Veeam Software
Email: Michael.Cade@Veeam.com
Twitter: @MichaelCade1

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 19, 2019 10:44 am

Hi Michael

I am already a step further in scanning.
The C drive scan completed but the other part of c drive gives error -83 > means unchecked object founds.

I also created a request on kaspersky forum. Keep you posted what Kaspersky saying about this error µµ

https://forum.kaspersky.com/index.php?/ ... ent-330273

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 19, 2019 1:49 pm

there was error in the command parameters .

this is the wright command
<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='SCAN %Path% /FIXDRIVES /FA /AI:AUTO /AS:AUTO' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
<ExitCodes>
<ExitCode Type="Error" Description='Verkeerd commando'>-6</ExitCode>
<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
</ExitCodes>
</AntivirusInfo>

but get errorcode -83 > unchecked objects found

Mike Resseler
Product Manager
Posts: 5695
Liked: 599 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 20, 2019 6:37 am

Roel,

I'm guessing here... That backup that you are scanning... Any change it has already quarantined objects in it?

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 20, 2019 7:00 am

Hi Mike

No quarantained files Found
Only unknown objects

Dima P.
Product Manager
Posts: 10328
Liked: 837 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Secure restore

Post by Dima P. » Feb 20, 2019 6:49 pm

Hello Roel,

For the test purposes can you please make CommandLineParameters more lightweight?

1. I assume you don't need to use SCAN (as you would like to scan all the volumes in the backup and all the files are online anyway, right?)
2. FIXDRIVES, let's leave it
/FA /AI:AUTO /AS:AUTO
Do you have any description to share with me for these command line keys?

When you have zero command line keys specified does it scan all the volumes in from the backup? Thank you in advance!

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 20, 2019 7:19 pm

Hi Dima

This is the Kaspersky Manual
https://kaspersky.aeminiummultimedia.pt ... ide_en.pdf

1) yes i think i Need the scan command.
2) ok i leave fixdrives parameter

What do you mean with the last ?
Which command do i have to use then > only scan %path% \ fixdrives ?
Other parameters are \Scancritical in place of scan . Or scan \memory \shared \mycomp ...

You can Find all commands in the manual

Kind regards

Roel

Dima P.
Product Manager
Posts: 10328
Liked: 837 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Secure restore

Post by Dima P. » Feb 20, 2019 8:39 pm

Code: Select all

KAVSHELL SCAN C:\VeeamFLR\
Looks like this is the only key needed for CommandLineParameters is path the folder (it will point the scan to the predefined folder where we mount disks from backup file). Can you please try this command line parameter? Cheers!

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 20, 2019 8:57 pm

Hi Dima

Ok i gonna try it out tomorrow.

roelvdw
Enthusiast
Posts: 60
Liked: 6 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Re: Secure restore

Post by roelvdw » Feb 21, 2019 4:48 pm

Hi Dima

I changed commandlineparameter to
<'SCAN %Path% c:\VeeamFLR '>

It works.

For Surebackup > do i have to change thé parameters? Or does scan Surebackup automatically the Wright volumes ?

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 17 guests