Backup of an infected VM

[marius roma]

I realize that my question can sound crazy, but the problem is real.
Imagine a Windows Server SP2 VM infected by various kind of malware (including trojans).
I need to create a backup of the VM (powered up) in order to preserve the data contained in the infected VM itself before attempting to clean up the VM and remove the malware.
Is there any risk to compromise the other VMs managed by the same Veeam B&R server, the NAS used as target or the Veeam B&R server itself?
If so, how can I prevent such possible risks?
Regards
marius

[Egor Yakovlev]

Hi Mario!

You have a valid question and it's not crazy at all!
- Backup is done at image level, thus we will read .vmdk file of said VM and infected guest OS will be unaware its being backed up. Check if Application-aware Image Processing is disabled in Backup Job "Guest Processing" step to make sure we will not communicate with said VM guest OS over network(yeah, backup will be crash-consistent, but 100% invisible to guest OS).
- Backup is processed and kept in a proprietary format, and trojans from within our compressed and deduplicated backup file will have no chance to infect said NAS server files.
- Note that Veeam has Secure Restore and Staged Restore functions that might assist with infected machine restore cases.

Hope that helps!