roelvdw
Enthusiast
Posts: 58
Liked: 5 times
Joined: May 11, 2012 1:38 pm
Full Name: Vandewalle Roel
Contact:

Secure restore

Post by roelvdw » Feb 05, 2019 8:20 pm

Hi

In our environment we use Kaspersky EndPoint Security and Kaspersky Security for Windows Servers.
I want to test the secure restore functionality with Kaspersky Security.
Does anyone have experience with configuring the antivirus file for Veeam B&R to test secure restore?

Kind regards

Roel

Mike Resseler
Product Manager
Posts: 5290
Liked: 557 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Secure restore

Post by Mike Resseler » Feb 06, 2019 6:34 am

Roel,

I've done a bit of digging but can't find out exactly whether the command line is supported for Endpoint Security. I only found something for version 10 for Windows servers (https://support.kaspersky.com/11336#). So you might want to check if that avp.com exists on your servers.

If so, just adapt the XML file as seen here (https://helpcenter.veeam.com/docs/backu ... l?ver=95u4)

Mike

Re: Secure restore

Post by roelvdw » Feb 06, 2019 9:10 am

Hi Mike

No, avp.com is not installed on the servers.
If I can install it, can you send me the antivirusinfo.xml file adjusted for this AV?

Kind regards

Roel

HannesK
Veeam Software
Posts: 2354
Liked: 283 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Secure restore

Post by HannesK » Feb 06, 2019 4:06 pm

Hello,
I guess you have an "all in one" installation. That means avp.com needs to be installed on the Veeam Backup server.

Then I suggest that you try to scan manually on the command line (how-to). Example: "avp.com scan <file / folder>", and check whether everything works. The eicar test virus is an easy way to check.

After you have figured out the syntax, just change the settings in the XML file from one of the existing examples in the file.

Best regards,
Hannes

Re: Secure restore

Post by roelvdw » Feb 06, 2019 5:30 pm

Hi Hannes

avp.com is only for Kaspersky EndPoint Security (clients).
For servers: Kaspersky Security for Windows Server.
On most of my servers Kaspersky Security for Windows Servers is installed, also on the Veeam Backup Server.
I have added the commands in antivirusinfo.xml (for Kaspersky EndPoint Security & Kaspersky Security for Windows Server).
Do I have to restart services after editing the antivirusinfo file?

Re: Secure restore

Post by HannesK » Feb 07, 2019 8:37 am

Hello,
as far as I remember when I tested it some months ago, it is not required to restart any service. I will ask the documentation whether they can add that information.

Best regards,
Hannes

Re: Secure restore

Post by roelvdw » Feb 09, 2019 2:32 pm

Hi Hannes

I have adjusted the XML file.
But when I test Secure Restore, I get the message that malware scan is not available.

Re: Secure restore

Post by Mike Resseler » Feb 11, 2019 6:23 am

Roel,

Without any guarantees that it will work (I can't test because I don't have Kaspersky). Could you post what you have added to the XML file? We might see something in it that is not correct.

Re: Secure restore

Post by roelvdw » Feb 12, 2019 1:58 pm

Hi

I have added the text of the XML file above

Code:

<Antiviruses>
	<AntivirusInfo Name='Symantec' IsPortableSoftware='false' ExecutableFilePath='Veeam.Backup.Antivirus.Scan.exe' CommandLineParameters='/p:%Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symcscan' ServiceName='symcscan' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS' ServiceName='KAVFS' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' ExecutableFilePath='c:\Program Files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server\kavshell.exe' CommandLineParameters='scan /mycomp' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
<Antiviruses>
	<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='' ServiceName='' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false' ExecutableFilePath='c:Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com' CommandLineParameters='scan /all' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP' ServiceName='AVP' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Eset File Security' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET File Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='ESET Antivirus' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\ESET\ESET Security\ecls.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='' ServiceName='' ThreatExistsRegEx='threat\s*=\s*["&apos;](?!is OK["&apos;])[^"&apos;]+["&apos;]' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>1</ExitCode>
			<ExitCode Type='Warning' Description='Some files were not scanned'>10</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>50</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>100</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
	<AntivirusInfo Name='Windows Defender' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Windows Defender\mpcmdrun.exe' CommandLineParameters='-Scan -ScanType 3 -File %Path% -DisableRemediation -BootSectorScan' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend' ServiceName='WinDefend' ThreatExistsRegEx='Threat\s+information' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>2</ExitCode>
		</ExitCodes>
	</AntivirusInfo>
</Antiviruses>

Re: Secure restore

Post by HannesK » Feb 12, 2019 2:11 pm

Hello,
I don't believe that it is a good idea to add the scanners twice with the same name:

Code:

<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='false'
<AntivirusInfo Name='Kaspersky Security 10 for Windows Server' IsPortableSoftware='true' 

Code:

<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='true'
<AntivirusInfo Name='Kaspersky Endpoint Security for Windows' IsPortableSoftware='false'

Trying both ways makes sense to me, but with the same name that could be an issue.

Best regards,
Hannes
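
A pre-flight check for an edited antivirus XML file, as an added example that is not part of the original thread and not Veeam's code. It flags the duplicate Name values raised above and goes slightly further, also reporting XML that is not well-formed, drive-relative executable paths such as 'c:Program Files', and entries marked IsPortableSoftware='false' without service details (an assumption taken from the thread's reading of that flag). The sample inputs and the function name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

def lint_antivirus_xml(text):
    """Return a list of findings for an <Antiviruses> XML string."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Repeated or unclosed container tags stop here; nothing else can be checked.
        return [f"not well-formed XML: {exc}"]
    findings = []
    entries = list(root.iter("AntivirusInfo"))
    for name, count in Counter(e.get("Name", "") for e in entries).items():
        if count > 1:
            findings.append(f"duplicate Name '{name}' ({count} entries)")
    for e in entries:
        name, path = e.get("Name", ""), e.get("ExecutableFilePath", "")
        # 'c:dir\x.exe' is relative to the current directory on C:, not absolute.
        if re.match(r"^[A-Za-z]:(?![\\/])", path):
            findings.append(f"{name}: drive-relative path '{path}'")
        # Assumption from the thread: 'false' means the scanner is found via its service.
        portable = e.get("IsPortableSoftware", "").lower() == "true"
        if not portable and not (e.get("ServiceName") and e.get("RegPath")):
            findings.append(f"{name}: IsPortableSoftware='false' but no service/registry entry")
    return findings

# Constructed sample: container tag opened twice, closed once.
BROKEN = r"""<Antiviruses>
  <AntivirusInfo Name='Example AV' ExecutableFilePath='c:\AV\scan.exe'/>
<Antiviruses>
  <AntivirusInfo Name='Other AV' ExecutableFilePath='c:\AV\other.exe'/>
</Antiviruses>"""

# Constructed sample: well-formed, but with the three configuration problems.
DUPLICATES = r"""<Antiviruses>
  <AntivirusInfo Name='Example AV' IsPortableSoftware='false' ExecutableFilePath='c:\AV\scan.exe' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAV' ServiceName='ExampleAV'/>
  <AntivirusInfo Name='Example AV' IsPortableSoftware='true' ExecutableFilePath='c:AV\scan.exe' RegPath='' ServiceName=''/>
  <AntivirusInfo Name='Other AV' IsPortableSoftware='false' ExecutableFilePath='c:\AV\other.exe' RegPath='' ServiceName=''/>
</Antiviruses>"""

if __name__ == "__main__":
    for sample in (BROKEN, DUPLICATES):
        for finding in lint_antivirus_xml(sample):
            print(finding)
```
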

Re: Secure restore

Post by roelvdw » Feb 12, 2019 3:19 pm

Hi Hannes

Kaspersky EndPoint Security & Kaspersky Security 10 for Windows Server both work from the command line.
Do I have to choose "IsPortableSoftware=true"?

Kind regards

Roel

Re: Secure restore

Post by HannesK » Feb 12, 2019 3:27 pm

Hello,
I understand, but I guess our software cannot deal with two identical names (Name=...). Just try to rename them and if you keep both options for both scanners, then something should work.

I can only guess as I don't have the software. I would just try both (as you already do).

Best regards,
Hannes

Re: Secure restore

Post by Mike Resseler » Feb 12, 2019 7:27 pm

Roel,

IsPortableSoftware is probably false. I assume it is installed, as I see entries for a service.

That said, are all of those different ones installed on the server? I see potential issues with the server version and the workstation version being installed on that server? In the end, we use the service running on the server that will execute the datalab.

Re: Secure restore

Post by roelvdw » Feb 12, 2019 8:16 pm

Hi Mike

Do you mean it could be a problem that I have entries for EndPoint and servers? The Kaspersky Security 10 for Windows Servers command line uses the kavshell.exe command. The directory is c:\program files (x86)\Kaspersky Lab\Kaspersky Security 10 for Windows Server, but there is also a service for Kaspersky.

What do I have to choose: isportablesoftware=false or true?
The manual says: true when an exe is available, false when there is a service.

Re: Secure restore

Post by Mike Resseler » Feb 12, 2019 8:21 pm

I am assuming you will be running the server version on the server responsible for mounting the backup? If so, use the server version. And I think that it will be a service, so isportablesoftware=false.

If you make the changes, let us know how it looks then.
