- Veeam Support Knowledge Base
- Antivirus Exclusions for Veeam Backup & Replication
Antivirus Exclusions for Veeam Backup & Replication
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Oops! Something went wrong.
Please, try again later.
Purpose
- Given the complex nature of antivirus software, it may be necessary to add additional exclusions. Users are encouraged to review their antivirus logs or history to determine if more objects must be excluded.
- Although these exclusions are primarily intended for antivirus software, they may also need to be applied to other security software. This includes any software that performs file scanning or access control, which could potentially block or interfere with Veeam-related processes.
- All folder paths listed in this article include recursively all files and subfolders.
- For folder paths containing Veeam executables (e.g., C:\Program Files\), some security software may require explicit process exclusions to be configured for the executables within those folders rather than a folder-wide process exclusion.
The folder paths provided in this article are paths the software uses for day-to-day operations. During the deployment and updating of Veeam Backup & Replication or Veeam Backup Enterprise Manager, user and system temp folders (e.g., %temp%, C:\Users\<user>\AppData\Local\Temp\, or C:\Windows\Temp\) are used to store extracted installer data.
While relatively rare, security software may disrupt the installer, leading to deployment failure. Rather than excluding the entire temp folder from security monitoring, we suggest that should you encounter an installation or update issue that you believe is related to security software interference, a temporary deactivation of the security monitoring may be necessary to eliminate interruptions. Remember to reactivate the security software once the installation or update is completed.
Antivirus Exclusions
On the Veeam Backup Server:
- C:\Program Files\Veeam\
- C:\Program Files (x86)\Veeam\
- C:\Program Files\Common Files\Veeam\
- C:\Program Files (x86)\Common Files\Veeam\
- VBRCatalog Path
This path can be found in the registry under the value named CatalogPath in the keyHKLM\SOFTWARE\Veeam\Veeam Backup Catalog\ - NFS Path
This path can be found in the registry under the value named RootFolder in the keyHKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS\ - C:\VeeamFLR\ Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.
However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.
While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.
Therefore, Veeam continues to recommend excluding the C:\VeeamFLR except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand an excluded folder. - C:\Windows\Veeam\
- C:\ProgramData\Veeam\
This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match. - C:\Windows\Temp\*\veeamflr-*.flat
- C:\Windows\Temp\VeeamBackup\
- C:\Windows\Temp\VeeamBackupTemp\
- C:\Windows\Temp\veeamdumprecorder\
- C:\Windows\TEMP\VeeamForeignSessionContext*\
This folder is used to store Malware Detection Inline Entropy Analysis files from guests that are protected. - %localappdata%\Veeam\Backup\
This is a per-user folder.
For Veeam Backup Enterprise Manager:
- C:\Program Files\Veeam\
- C:\Program Files\Common Files\Veeam\
- VBRCatalog Path
Default: C:\VBRCatalog
This path can be found in the registry under the value named CatalogPath in the keyHKLM\SOFTWARE\Veeam\Veeam Backup Catalog\ - C:\ProgramData\Veeam\
This is the default log directory location; if the log directory path has been changed, the AV exclusion must be adjusted to match.
For Veeam Backup & Replication Console:
- C:\Program Files\Veeam\
- C:\Program Files (x86)\Veeam\
- C:\Program Files\Common Files\Veeam\
- C:\Program Files (x86)\Common Files\Veeam\
- C:\VeeamFLR\ Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.
However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.
While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.
Therefore, Veeam continues to recommend excluding the C:\VeeamFLR, except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand that folder. - C:\Windows\Veeam\
- C:\ProgramData\Veeam\
This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match. - C:\Windows\Temp\*\veeamflr-*.flat
- C:\Windows\Temp\VeeamBackup\
- C:\Windows\Temp\VeeamBackupTemp\
- C:\Windows\Temp\veeamdumprecorder\
- %localappdata%\Veeam\Backup\
This is a per-user folder.
In Guest OS of protected Windows Machines:
If either Application-Aware Processing or Guest File System Indexing is enabled, the following folders will be used:
- %programdata%\Veeam\
- %windir%\VeeamVssSupport\
If the Malware Detection system's Enable inline entropy analysis option is enabled, and the Guest File System Indexing and Malware Detection guest processing option is enabled:
- C:\Windows\TEMP\*.ridx
On SQL Servers, when SQL Server Transaction Log Backup is enabled, the following folder will be used:
- %windir%\VeeamLogShipper\
If using Persistent Agent Components, the Veeam Guest Agent package will be installed.
- C:\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\
In Guest OS of File-Level Restore Target Windows Machines:
When restoring files to the original machine or a different machine, the following folders are used:
- %programdata%\Veeam\
- %windir%\VeeamVssSupport\
Windows-based Backup Infrastructure Components
Below is a list of packages that may be installed on machines assigned Backup Infrastructure Component roles (e.g., VMware Backup Proxy, WAN Accelerator, Windows Repository) and their associated AV exclusion requirements. Review which packages are installed on a given machine and create the AV exclusions based on which packages are installed.
General Folders
All Windows-based components use the following folders:
- C:\ProgramData\Veeam\
Default Log Folder - C:\Windows\Temp\Veeam\
- C:\Windows\Temp\VeeamBackupTemp\
Package Specific AV Exclusions
Package names below are as listed within the Programs & Features list (appwiz.cpl).
Veeam Installer Service
- C:\Windows\Veeam\Backup\
Veeam Backup Transport
- C:\Program Files (x86)\Veeam\Backup Transport\
Veeam CDP Proxy
- C:\Program Files\Veeam\CDP Proxy Service\
- Veeam CDP Proxy Cache Folder (For VMware Backup Proxies assigned to act as CDP Proxies)
Default: C:\VeeamCDP\
Veeam Backup vPowerNFS
- C:\Program Files (x86)\Veeam\vPowerNFS\
- Instant recover write cache folder
Review each repository's Mount Server setting and add an AV exclusion for the write cache path on the Mount Server specified.
Veeam Hyper-V Integration
- C:\Program Files\Veeam\Hyper-V Integration\
Veeam Mount Service
- C:\Program Files\Common Files\Veeam\Backup and Replication\
- C:\VeeamFLR\ Optional. See: NoteThe VeeamFLR folder is where Veeam Backup & Replication mounts the disks of machines so that their content can be accessed. Traditionally, it has been advised to exclude this folder from antivirus scans to avoid the risk of interference with Guest OS File Recovery and Disk Publishing restore operations, as such interference could negatively impact the restore process or its performance.
However, with the introduction of features like Scan Backup and the malware scanning component of SureBackup in Veeam Backup & Replication v12.1, antivirus software now requires access to the VeeamFLR folder to perform scans on the content of a machine's backed-up disk.
While most antivirus solutions make a distinction between automatic and on-demand scans in the context of an exclusion, some customers have reported that their antivirus software refused to perform the on-demand scans of an excluded VeeamFLR folder. Consequently, the same exclusion intended to avoid interference with Guest OS File Recovery could inadvertently cause the Scan Backup feature to be unable to perform malware scans correctly.
Therefore, Veeam continues to recommend excluding the C:\VeeamFLR, except in scenarios where such exclusion would prevent desired features from operating correctly due to a customer's security software refusing to scan on-demand that folder. - C:\Windows\Temp\*\veeamflr-*.flat
- Backup Files Location or Backup File Extensions
When the machine is acting as a Windows Backup Repository. - Capacity Tier 'ArchiveIndex' Path
Veeam WAN Accelerator Service
- C:\Program Files\Veeam\WAN Accelerator Service\
- *WAN cache Path*
Veeam Remote Tape Access Service
- C:\Program Files (x86)\Veeam\Backup Tape\
Veeam Backup Cloud Gateway
- C:\Program Files (x86)\Veeam\Backup Gate\
Veeam Transaction Log Backup Service
- C:\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\
Repository File Extensions:
- *.erm
- *.flat
- *.vab
- *.vacm
- *.vacm_*tmp
- *.vasm
- *.vasm_*tmp
- *.vbk
- *.vbk.tmp
- *.vblob
- *.vbm
- *.vbm.temp
- *.vbm_*tmp
- *.vcache
- *.vib
- *.vindex
- *.vlb
- *.vmdk
- *.vrb
- *.vsb
- *.vslice
- *.vsource
- *.vsourcecopy
- *.vsourcetemp
- *.vstore
- *.vstorecopy
- *.vstoretemp
More Information
Related Articles
- Antivirus Exclusions for Veeam Backup & Replication
- Antivirus Exclusions for Veeam ONE
- Antivirus Exclusions for Veeam Recovery Orchestrator
- Antivirus Exclusions for Veeam Agent for Microsoft Windows
- Antivirus Exclusions for Veeam Agent for Mac
- Antivirus Exclusions for Veeam Service Provider Console
- Antivirus Exclusions for Veeam Backup for Microsoft 365
- Antivirus Exclusions for Veeam Plug-ins for Enterprise Applications
Security Software on Linux
Due to the high variability in how each Security solution operates and may be configured, some Linux Administrators may find that no exclusions are needed. Yet others may find that their security policies may necessitate specific exclusions. With that in mind, we strongly encourage Linux administrators to review their security software's logging closely when issues occur and adjust rules/policies accordingly.
Veeam Support has observed that the most common issues occur when Antivirus has been configured to tightly secure the /tmp/ directory, which in turn causes conflicts with Veeam's use of the path /tmp/Veeam/ . For example, a Veeam Agent for Linux backup job may display the error "POSIX: Failed to open file [/dev/veeamimage1]." This error can be misleading at first as the path shown in the error does not appear related to /tmp/Veeam/, but in fact,/dev/veeamimage is symlinked to /tmp/Veeam/{guid}/
Below is a preliminary list of folders and executables that Veeam Support has identified:
- /dev/veeamimage*
- /etc/veeam/*
- /opt/veeam/*
- /tmp/veeamagent*
- /tmp/veeam/*
- /tmp/veeam/{*}
- /usr/bin/veeamconfig
- /usr/sbin/veeam*
Specific executables:- veeam
- veeamagent
- veeamjobman
- veeammount
- veeampsqlagent
- veeamservice
- veeamsupporttool
- veeam
- /var/lib/veeam/*
- /var/log/veeam/*
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.