#1 Global Leader in Data Resilience

Antivirus Exclusions for Veeam Backup & Replication

KB ID: 1999
Product: Veeam Backup & Replication | 11 | 12 | 12.1 | 12.2 | 12.3
Veeam Cloud Connect | 11 | 12 | 12.2 | 12.3
Published: 2015-02-03
Last Modified: 2024-12-05
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Veeam Threat Hunter service Exclusions

When upgrading to Veeam Backup & Replication 12.3, the installer's Configuration Check will display a warning advising:

The new Veeam Threat Hunter service scanning process might be interrupted by existing antivirus
software on mount hosts. Please read KB1999 to set the appropriate exclusions.

To prevent interference from security software, the following folder should be excluded on all Mount Servers:

C:\Program Files\Veeam\Backup and Replication\Threat Hunter\

For details about other antivirus exclusions, please review the rest of this article.

Purpose

To ensure the performance and reliability of Veeam Backup & Replication, we strongly advise implementing the antivirus exclusions outlined in this article. Interference caused by security software will not always cause Veeam Backup & Replication functions to fail; some conflicts may cause nuanced performance impacts, such as slow backup speeds, slow restore speeds, or seemingly random job failures.
Limitations and Considerations
  • Given the complex nature of antivirus software, it may be necessary to add additional exclusions. Users are encouraged to review their antivirus logs or history to determine if more objects must be excluded.
  • Although these exclusions are primarily intended for antivirus software, they may also need to be applied to other security software. This includes any software that performs file scanning or access control, which could potentially block or interfere with Veeam-related processes.
  • All folder paths listed in this article include recursively all files and subfolders.
  • For folder paths containing Veeam executables (e.g., C:\Program Files\), some security software may require explicit process exclusions to be configured for the executables within those folders rather than a folder-wide process exclusion.
Deployment and Upgrades

The folder paths provided in this article are paths the software uses for day-to-day operations. During the deployment and updating of Veeam Backup & Replication or Veeam Backup Enterprise Manager, user and system temp folders (e.g., %temp%, C:\Users\<user>\AppData\Local\Temp\, or C:\Windows\Temp\) are used to store extracted installer data.

While relatively rare, security software may disrupt the installer, leading to deployment failure. Rather than excluding the entire temp folder from security monitoring, we suggest that should you encounter an installation or update issue that you believe is related to security software interference, a temporary deactivation of the security monitoring may be necessary to eliminate interruptions. Remember to reactivate the security software once the installation or update is completed.

Antivirus Exclusions

On the Veeam Backup Server:

  • C:\Program Files\Veeam\
  • C:\Program Files (x86)\Veeam\
  • C:\Program Files\Common Files\Veeam\
  • C:\Program Files (x86)\Common Files\Veeam\
  • VBRCatalog Path

    This path can be found in the registry under the value named CatalogPath in the key HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\
  • NFS Path

    This path can be found in the registry under the value named RootFolder in the key HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS\
  • C:\VeeamFLR\  Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.

    However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.

    While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.

    Therefore, Veeam continues to recommend excluding the C:\VeeamFLR except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand an excluded folder.
  • C:\Windows\Veeam\
  • C:\ProgramData\Veeam\
    This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match.
  • C:\Windows\Temp\*\veeamflr-*.flat
  • C:\Windows\Temp\VeeamBackup\
  • C:\Windows\Temp\VeeamBackupTemp\
  • C:\Windows\Temp\veeamdumprecorder\
  • C:\Windows\TEMP\VeeamForeignSessionContext*\
    This folder is used to store Malware Detection Inline Entropy Analysis files from guests that are protected.
  • %localappdata%\Veeam\Backup\
    This is a per-user folder.
  • PostgreSQL Antivirus Exclusion Recommendation 
    When the configuration database is hosted by PostgreSQL, the default for all new deployments of Veeam Backup & Replication 12 and higher.

 

For Veeam Backup Enterprise Manager:

  • C:\Program Files\Veeam\
  • C:\Program Files\Common Files\Veeam\
  • VBRCatalog Path
    Default: C:\VBRCatalog
    This path can be found in the registry under the value named CatalogPath in the key HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\
  • C:\ProgramData\Veeam\
    This is the default log directory location; if the log directory path has been changed, the AV exclusion must be adjusted to match.

For Veeam Backup & Replication Console:

  • C:\Program Files\Veeam\
  • C:\Program Files (x86)\Veeam\
  • C:\Program Files\Common Files\Veeam\
  • C:\Program Files (x86)\Common Files\Veeam\
  • C:\VeeamFLR\  Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.

    However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.

    While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.

    Therefore, Veeam continues to recommend excluding the C:\VeeamFLR, except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand that folder.
  • C:\Windows\Veeam\
  • C:\ProgramData\Veeam\
    This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match.
  • C:\Windows\Temp\*\veeamflr-*.flat
  • C:\Windows\Temp\VeeamBackup\
  • C:\Windows\Temp\VeeamBackupTemp\
  • C:\Windows\Temp\veeamdumprecorder\
  • %localappdata%\Veeam\Backup\
    This is a per-user folder.

In Guest OS of protected Windows Machines:

If either Application-Aware Processing or Guest File System Indexing is enabled, the following folders will be used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

If the Malware Detection system's Enable inline entropy analysis option is enabled, and the Guest File System Indexing and Malware Detection guest processing option is enabled:

  • C:\Windows\TEMP\*.ridx

On SQL Servers, when SQL Server Transaction Log Backup is enabled, the following folder will be used:

  • %windir%\VeeamLogShipper\

If using Persistent Agent Components, the Veeam Guest Agent package will be installed.

  • C:\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\

In Guest OS of File-Level Restore Target Windows Machines:

When restoring files to the original machine or a different machine, the following folders are used:

  • %programdata%\Veeam\
  • %windir%\VeeamVssSupport\

Windows-based Backup Infrastructure Components

Below is a list of packages that may be installed on machines assigned Backup Infrastructure Component roles (e.g., VMware Backup Proxy, WAN Accelerator, Windows Repository) and their associated AV exclusion requirements. Review which packages are installed on a given machine and create the AV exclusions based on which packages are installed.

 

General Folders

All Windows-based components use the following folders:

  • C:\ProgramData\Veeam\
    Default Log Folder
  • C:\Windows\Temp\Veeam\
  • C:\Windows\Temp\VeeamBackupTemp\

 

Package Specific AV Exclusions

Package names below are as listed within the Programs & Features list (appwiz.cpl).

Veeam Installer Service

  • C:\Windows\Veeam\Backup\

Veeam Backup Transport

  • C:\Program Files (x86)\Veeam\Backup Transport\

Veeam CDP Proxy

  • C:\Program Files\Veeam\CDP Proxy Service\
  • Veeam CDP Proxy Cache Folder (For VMware Backup Proxies assigned to act as CDP Proxies)
    Default: C:\VeeamCDP\

Veeam Backup vPowerNFS

  • C:\Program Files (x86)\Veeam\vPowerNFS\
  • Instant recover write cache folder
    Review each repository's Mount Server setting and add an AV exclusion for the write cache path on the Mount Server specified.

Veeam Hyper-V Integration

  • C:\Program Files\Veeam\Hyper-V Integration\

Veeam Mount Service

  • C:\Program Files\Common Files\Veeam\Backup and Replication\
  • C:\VeeamFLR\  Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.

    However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.

    While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.

    Therefore, Veeam continues to recommend excluding the C:\VeeamFLR, except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand that folder.
  • C:\Windows\Temp\*\veeamflr-*.flat
  • Backup Files Location or Backup File Extensions
    When the machine is acting as a Windows Backup Repository. 
  • Capacity Tier 'ArchiveIndex' Path

Veeam WAN Accelerator Service

Veeam Remote Tape Access Service

  • C:\Program Files (x86)\Veeam\Backup Tape\

Veeam Backup Cloud Gateway

  • C:\Program Files (x86)\Veeam\Backup Gate\

Veeam Threat Hunter

  • C:\Program Files\Veeam\Backup and Replication\Threat Hunter\

Veeam Transaction Log Backup Service

  • C:\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\

Repository File Extensions:

  • *.erm
  • *.flat
  • *.vab
  • *.vacm
  • *.vacm_*tmp
  • *.vasm
  • *.vasm_*tmp
  • *.vbk
  • *.vbk.tmp
  • *.vblob
  • *.vbm
  • *.vbm.temp
  • *.vbm_*tmp
  • *.vcache
  • *.vib
  • *.vindex
  • *.vlb
  • *.vmdk
  • *.vrb
  • *.vsb
  • *.vslice
  • *.vsource
  • *.vsourcecopy
  • *.vsourcetemp
  • *.vstore
  • *.vstorecopy
  • *.vstoretemp

More Information

Security Software on Linux

Due to the high variability in how each Security solution operates and may be configured, some Linux Administrators may find that no exclusions are needed. Yet others may find that their security policies may necessitate specific exclusions. With that in mind, we strongly encourage Linux administrators to review their security software's logging closely when issues occur and adjust rules/policies accordingly.

Veeam Support has observed that the most common issues occur when Antivirus has been configured to tightly secure the /tmp/ directory, which in turn causes conflicts with Veeam's use of the path /tmp/Veeam/ . For example,  a Veeam Agent for Linux backup job may display the error "POSIX: Failed to open file [/dev/veeamimage1]." This error can be misleading at first as the path shown in the error does not appear related to /tmp/Veeam/, but in fact,/dev/veeamimage is symlinked to /tmp/Veeam/{guid}/

Below is a preliminary list of folders and executables that Veeam Support has identified:

  • /dev/veeamimage*
  • /etc/veeam/*
  • /opt/veeam/*
  • /tmp/veeamagent*
  • /tmp/veeam/*
  • /tmp/veeam/{*}
  • /usr/bin/veeamconfig
  • /usr/sbin/veeam*
    Specific executables:
    • veeam
    • veeamagent
    • veeamjobman
    • veeammount
    • veeampsqlagent
    • veeamservice
    • veeamsupporttool
  • /var/lib/veeam/*
  • /var/log/veeam/*
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.