Veeam Threat Hunter is a new feature introduced in Veeam Backup & Replication 12.3 that provides the speed of YARA scans and the breadth of malware detection of a classic antivirus.
But how fast it is? In the Veeam Community somebody declares 3x-6x faster in testing depending on the contents being scanned when testing against Windows Defender.
Let’s do some test with a VM with 22,4 GB:
And some restore points:
When Veeam Threat Hunter is enabled with also the scan of archive files (default option):
The scan speed is reasonable… around 3,5 hours to scan all the restore points in my lab environment:
More interesting is the result of a YARA scan using the Top 10 YARA rules, the scan speed in version 12.3 seems much more faster compared to previous versions… almost 1 hour to perform the scan of all the restore points:
With only Microsoft Defender the result is totally different… more than 16 hours!
Seems that version 12.3 has introduced some speed enhancements, not only with Threat Hunter, but in all the scan engine.
With previous versions I’ve notice a scan speed of about 1 GB/s on the same system… now a simple YARA scan is 2x time faster. And Threat Hunter brings a good boost compare to normal antivirus detection.