Antivirus Exclusions for Veeam Backup & Replication

KB ID: 1999
Product: Veeam Backup & Replication | 10 | 11 | 12
Veeam Cloud Connect | 10 | 11 | 12
Published: 2015-02-03
Last Modified: 2023-07-05
Languages: FR | ES
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Backup & Replication. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software.

Note: Antivirus will not always cause Veeam Backup & Replication functions to fail; antivirus software may also negatively impact performance.

Due to the complex nature of antivirus software, additional exclusions may be needed. Users are advised to review their antivirus logging or history to determine if additional objects need to be excluded.

Antivirus Exclusions

On the Veeam Backup Server:

  • C:\Program Files\Veeam\
  • C:\Program Files (x86)\Veeam\
  • C:\Program Files\Common Files\Veeam\
  • C:\Program Files (x86)\Common Files\Veeam\
  • VBRCatalog Path

    This path can be found in the registry under the value named CatalogPath in the key HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\
  • NFS Path

    This path can be found in the registry under the value named RootFolder in the key HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS\
  • C:\VeeamFLR\
  • %windir%\Veeam\
  • %programdata%\Veeam\
    This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match.
  • C:\Windows\TEMP\*\veeamflr-*.flat
  • C:\Windows\Temp\VeeamBackup\
  • C:\Windows\Temp\VeeamBackupTemp\
  • C:\Windows\Temp\veeamdumprecorder\

In Guest OS of protected Windows Machines:

If either Application-Aware Processing or Guest File System Indexing are enabled, the following folders will be used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

On SQL Servers, when SQL Server Transaction Log Backup is enabled, the following folder will be used:

  • %windir%\VeeamLogShipper\

In Guest OS of File-Level Restore Target Windows Machines:

When restoring files to the original machine or a different machine, the following folders are used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

On VMware Backup Proxies, Gateway Servers, and Hyper-V Hosts:

  • C:\Program Files (x86)\Veeam\
  • %windir%\Veeam\
  • C:\Windows\Temp\VeeamBackup\
  • C:\Windows\Temp\VeeamBackupTemp\
  • %programdata%\Veeam\
  • Veeam CDP Proxy Cache Folder
    Default: C:\VeeamCDP\
  • Mount Server Instant recover write cache folder
    Review each repository's Mount Server setting and add an AV exclusion for the write cache path on the Mount Server specified.
  • VeeamAgent.exe
  • VeeamAgent64.exe

On Windows Repositories:

On WAN Accelerators:

On Cloud Gateways:

  • %programdata%\Veeam\

Repository File Extensions:

  • *.erm
  • *.flat
  • *.vab
  • *.vbk
  • *.vbk.tmp
  • *.vblob
  • *.vbm
  • *.vbm_*tmp
  • *.vcache
  • *.vib
  • *.vindex
  • *.vlb
  • *.vmdk
  • *.vrb
  • *.vsb
  • *.vslice
  • *.vsource
  • *.vsourcecopy
  • *.vsourcetemp
  • *.vstore
  • *.vstorecopy
  • *.vstoretemp

More Information

Security Software on Linux

Due to the high variability in how each Security solution operates and may be configured, some Linux Administrators may find that no exclusions are needed. Yet others may find that their security policies may necessitate specific exclusions. With that in mind, we strongly encourage Linux administrators to review their security software's logging closely when issues occur and adjust rules/policies accordingly.

Veeam Support has observed that the most common issues occur when Antivirus has been configured to tightly secure the /tmp/ directory, which in turn causes conflicts with Veeam's use of the path /tmp/Veeam/ . For example,  a Veeam Agent for Linux backup job may display the error "POSIX: Failed to open file [/dev/veeamimage1]." This error can be misleading at first as the path shown in the error does not appear related to /tmp/Veeam/, but in fact,/dev/veeamimage is symlinked to /tmp/Veeam/{guid}/

Below is a preliminary list of folders and executables that Veeam Support has identified:

  • /dev/veeamimage*
  • /etc/veeam/*
  • /opt/veeam/*
  • /tmp/veeamagent*
  • /tmp/veeam/*
  • /tmp/veeam/{*}
  • /usr/bin/veeamconfig
  • /usr/sbin/veeam*
    Specific executables:
    • veeam
    • veeamagent
    • veeamjobman
    • veeammount
    • veeampsqlagent
    • veeamservice
    • veeamsupporttool
  • /var/lib/veeam/*
  • /var/log/veeam/*
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.