Veeam Feature Request: Read-Only backups

[joshgoldeneagle]

Veeam support team told me to go to the forums here in order to make a feature request. So here I am in the forums.

I am interested in having an option to have the backup files for Veeam Backup and Replication be immutable. This way I would think that any ransomware would be unable to encrypt Veeam backups.

[Mgamerz]

How would that be achieved? This would have to be at a driver or OS level. The only one I've seen do something like this is Macrium Reflect's Image Guard, which uses some sort of group policy setting with a driver that prevents modification of a certain filetype (and was very irritating to get around when I actually needed to move the files).

[Gostev]

@Mgamerz you could've just uninstalled it. That's actually the reason why driver-based approach does not add much protection for your backups. There's just too many simple ways to bypass such "protection", starting from just formatting the disk, wiping it with diskpart clean, etc.

@Josh the only true protection from cyber attacks on your backups is air gap. If your backups are offline, they cannot be altered or deleted no matter what. People achieve that with rotated hard drives, tape, etc.