Secure Restore Security

[cpm30]

Good afternoon folks,

Quick question regarding Veeam's Secure Restore functionality. I understand the basic concepts of how the process works regarding it's ability to use the mount server's AV to scan disks for malware that are extracted to C:\VeeamFLR\machinename. My question regarding this is how does Veeam insure the malware from the disks does not cross over to the mount server filesystem itself? Do you recommend having more than one mount server, i.e one dedicated for secure restores?

[Mildur]

that are extracted to C:\VeeamFLR\machinename. My question regarding this is how does Veeam insure the malware from the disks does not cross over to the mount server filesystem itself?

This files are not extracted to that path. The backup file is only mounted to this folder. The anti virus software is scanning this mountpoint and it‘s content (disk structure with folders and files from the vm in the restore point). No file will be executed.
If one of this files will be executed, then it must be some malicious process on the mount server itself, which waits for this infected files inside the Backup files to be available to execute them.

Do you recommend having more than one mount server, i.e one dedicated for secure restores?

The mount server is choosen in the backup repo properties. Secure restore will use that mount server depending from which backup repository you are doing the restore. You can‘t use multiple mount servers for one backup repository.