Antivirus Exclusions for Veeam Backup & Replication
Purpose
This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Backup & Replication. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software.
Note: Antivirus will not always cause Veeam Backup & Replication functions to fail; antivirus software may also negatively impact performance.
- Given the complex nature of antivirus software, it may be necessary to add additional exclusions. Users are encouraged to review their antivirus logs or history to determine if more objects need to be excluded.
- Although these exclusions are primarily intended for antivirus software, they may also need to be applied to other security software. This includes any software that performs file scanning or access control, as these could potentially block or interfere with Veeam-related processes.
Antivirus Exclusions
On the Veeam Backup Server:
- C:\Program Files\Veeam\
- C:\Program Files (x86)\Veeam\
- C:\Program Files\Common Files\Veeam\
- C:\Program Files (x86)\Common Files\Veeam\
- VBRCatalog Path
This path can be found in the registry under the value named CatalogPath in the keyHKLM\SOFTWARE\Veeam\Veeam Backup Catalog\
- NFS Path
This path can be found in the registry under the value named RootFolder in the keyHKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS\
- C:\VeeamFLR\
- C:\Windows\Veeam\
- C:\ProgramData\Veeam\
This is the default log directory location, if the log directory path has been changed, the AV exclusion must be adjusted to match. - C:\Windows\Temp\*\veeamflr-*.flat
- C:\Windows\Temp\VeeamBackup\
- C:\Windows\Temp\VeeamBackupTemp\
- C:\Windows\Temp\veeamdumprecorder\
In Guest OS of protected Windows Machines:
If either Application-Aware Processing or Guest File System Indexing is enabled, the following folders will be used:
- %programdata%\Veeam\
- %windir%\VeeamVssSupport\
On SQL Servers, when SQL Server Transaction Log Backup is enabled, the following folder will be used:
- %windir%\VeeamLogShipper\
If using Persistent Agent Components, the Veeam Guest Agent package will be installed.
- C:\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\
In Guest OS of File-Level Restore Target Windows Machines:
When restoring files to the original machine or a different machine, the following folders are used:
- %programdata%\Veeam\
- %windir%\VeeamVssSupport\
Windows-based Backup Infrastructure Components
Below is a list of packages that may be installed on machines assigned Backup Infrastructure Component roles (e.g., VMware Bacup Proxy, WAN Accelerator, Windows Repository) and their associated AV exclusion requirements. Review which packages are installed on a given machine and create the AV exclusions based on which packages are installed.
General Folders
All Windows-based components use the following folders:
- C:\ProgramData\Veeam\
Default Log Folder - C:\Windows\Temp\Veeam\
- C:\Windows\Temp\VeeamBackupTemp\
Package Specific AV Exclusions
Package names are as listed within the Programs & Features list (appwiz.cpl).
Veeam Installer Service
- C:\Windows\Veeam\Backup\
Veeam Backup Transport
- C:\Program Files (x86)\Veeam\Backup Transport\
Veeam CDP Proxy
- C:\Program Files\Veeam\CDP Proxy Service\
- Veeam CDP Proxy Cache Folder (For VMware Backup Proxies assigned to act as CDP Proxies)
Default: C:\VeeamCDP\
Veeam Backup vPowerNFS
- C:\Program Files (x86)\Veeam\vPowerNFS\
- Instant recover write cache folder
Review each repository's Mount Server setting and add an AV exclusion for the write cache path on the Mount Server specified.
Veeam Hyper-V Integration
- C:\Program Files\Veeam\Hyper-V Integration\
Veeam Mount Service
- C:\Program Files\Common Files\Veeam\Backup and Replication\
- C:\VeeamFLR\
- C:\Windows\Temp\*\veeamflr-*.flat
- Backup Files Location or Backup File Extensions
When the machine is acting as a Windows Backup Repository. - Capacity Tier 'ArchiveIndex' Path
Veeam WAN Accelerator Service
- C:\Program Files\Veeam\WAN Accelerator Service\
- *WAN cache Path*
Veeam Remote Tape Access Service
- C:\Program Files (x86)\Veeam\Backup Tape\
Veeam Backup Cloud Gateway
- C:\Program Files (x86)\Veeam\Backup Gate\
Veeam Transaction Log Backup Service
- C:\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\
Repository File Extensions:
- *.erm
- *.flat
- *.vab
- *.vbk
- *.vbk.tmp
- *.vblob
- *.vbm
- *.vbm_*tmp
- *.vcache
- *.vib
- *.vindex
- *.vlb
- *.vmdk
- *.vrb
- *.vsb
- *.vslice
- *.vsource
- *.vsourcecopy
- *.vsourcetemp
- *.vstore
- *.vstorecopy
- *.vstoretemp
More Information
Related Articles
- Antivirus Exclusions for Veeam Backup & Replication
- Antivirus Exclusions for Veeam ONE
- Antivirus Exclusions for Veeam Recovery Orchestrator
- Antivirus Exclusions for Veeam Agent for Microsoft Windows
- Antivirus Exclusions for Veeam Agent for Mac
- Antivirus Exclusions for Veeam Service Provider Console
- Antivirus Exclusions for Veeam Backup for Microsoft 365
- Antivirus Exclusions for Veeam Plugin for Microsoft SQL
Security Software on Linux
Due to the high variability in how each Security solution operates and may be configured, some Linux Administrators may find that no exclusions are needed. Yet others may find that their security policies may necessitate specific exclusions. With that in mind, we strongly encourage Linux administrators to review their security software's logging closely when issues occur and adjust rules/policies accordingly.
Veeam Support has observed that the most common issues occur when Antivirus has been configured to tightly secure the /tmp/ directory, which in turn causes conflicts with Veeam's use of the path /tmp/Veeam/ . For example, a Veeam Agent for Linux backup job may display the error "POSIX: Failed to open file [/dev/veeamimage1]." This error can be misleading at first as the path shown in the error does not appear related to /tmp/Veeam/, but in fact,/dev/veeamimage is symlinked to /tmp/Veeam/{guid}/
Below is a preliminary list of folders and executables that Veeam Support has identified:
- /dev/veeamimage*
- /etc/veeam/*
- /opt/veeam/*
- /tmp/veeamagent*
- /tmp/veeam/*
- /tmp/veeam/{*}
- /usr/bin/veeamconfig
- /usr/sbin/veeam*
Specific executables:- veeam
- veeamagent
- veeamjobman
- veeammount
- veeampsqlagent
- veeamservice
- veeamsupporttool
- veeam
- /var/lib/veeam/*
- /var/log/veeam/*
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.