Reading Time: 3 minutes

Backup content can be safe during the backup, but maybe there are some security threads that are not yet been identify (like 0-day attack) or maybe the backup data are corrupoted (like guest filesystem corruption).

SureBackup is the Veeam technology that allows you to test machines backups and check if you can recover data from them. You can verify any restore point of a backed-up machine.

For SureBackup, Veeam Backup & Replication uses a regular image-based backup. SureBackup job can operate in two different recovery verification modes:

  • Full recoverability testing (the traditional virtual lab/data lab approach): Veeam Backup & Replication runs machines in an isolated environment directly from backup and performs tests against live applications.This mode ensures recoverability of your production workloads in a disaster recovery event.
  • Backup verification and content scan only (introduced in Veeam v12): Veeam Backup & Replication performs backup integrity check and its content analysis to detect traces of malware or any other unwanted or sensitive data. These tests do not require setting up a virtual lab or an application group.

Let’s see the new mode. Please note that Backup verification and content scan only actually works only for Windows based VM/images.

During the backup verification and content scan, Veeam Backup & Replication performs the following actions:

  1. If the SureBackup job is configured to perform malware scan, Veeam Backup & Replication scans backups of the machines from the linked job with antivirus software and the specified YARA rule.
  2. If the SureBackup job is configured to validate backup files, Veeam Backup & Replication performs a cyclic redundancy check for the backup file from which the machine under verification is started. The backup file validation is performed after all verification tests are complete.
  3. When the recovery verification process is over, Veeam Backup & Replication creates a report on the machines’ state. The report is sent to the backup administrator by email.

During verification, a backed-up machine image remains in read-only state. All changes that take place when the machine is running are written to the differencing disk (AVHD/AVHDX file), created for the recovered machine. When the recovery verification process is complete, the changes are discarded.

You can start the scan from a backup:

You can monitor the scan also if you close the previous window:

Scan Backup works only for backup from Windows Agent, VMware VMs (with Windows guest OS) or Hyper-V VM (with Windows guest OS) .

For AHV 5.1, there is a SureBackup Lite (Scan Backup) introduced in Veeam v12.1, as described in this post.

Share