What happens if malware is detected during a Secure Restore?

Administrators can choose to proceed with the restore but disable network access to contain the threat, or abort the restore completely and automatically search for the last clean backup restore point.

Can I restore VMs directly to the cloud after a ransomware attack?

Yes, Veeam Data Platform allows direct restore to cloud environments, which is valuable when on-premises servers are unavailable due to forensic investigations or cyber insurance requirements.

Secure VM Recovery with Malware Scanning & YARA Rules

Name: Secure VM Recovery with Malware Scanning & YARA Rules
Uploaded: 2026-05-08T19:18:16-04:00
Duration: 3 min 18 s
Description: サイバー攻撃を受けてVMを復旧しても、脅威が残っていては意味がありません。セキュアリストアなら、VMを完全に復旧する前にマルウェアスキャンやYARAによるスキャンを実行することができます。こちらのデモでは、自信を持ってリストアを行い、再感染を防ぐ方法を解説します。

Veeam

05/08/2026

0 (0%)

Report Like Favorite

Transcript

When enterprises are hit with a cyber attack, they need to get back up and running fast. One of the biggest challenges with a fast recovery is ensuring that you do not reintroduce the threat that took your environment down. With the Veeam Data Platform, backup administrators and security teams alike have tremendous capabilities when it comes to ensuring that your data is restored fast and in a secure manner. Let's take a look at what a security-driven recovery process looks like. When it comes to restoring data, we have many options to choose from. For NAS and file share, we can instantly restore these, allowing users to get back up and running immediately. Similarly, Veeam Data Platform can protect physical or cloud workloads with our various Let's take a look at restoring a virtual workload in a secured manner. We can restore either from a replica or a backup, providing you the ability to get very low RPO. Additionally, sometimes you may not need to restore the entire system. With the ability to restore specific disks, files, or application-level items, backup administrators can have the granularity that they desire. Note here that I can restore directly to the cloud. This is a key benefit, particularly after a ransomware attack. In those cases, although your servers might still be powered on, forensic investigations or cyber insurance requirements may prevent you from actually using them. Having the ability to restore directly to the cloud provides you with the flexibility that you need during a disaster. Let's instantly recover Veeam back to our vSphere environment. Should a task such as a forensic investigation be required, you can restore to a new location, allowing you to choose the best-suited option. The Secure Restore function provides you with multiple capabilities. Here we can opt to perform an antivirus scan as part of the process. For situations where antivirus may not be enough, security teams can leverage YARA rules to uncover threats that may exist within the system. Should a threat be detected, you can choose to proceed with the restore, but disable network access, or abort the restore completely. To automate the process of finding the last clean backup, we can also select this check box, which will iterate through all of the restore points until a clean one is found. At this point, the instant recovery process mounts a read-only version of the backup and writes all changes to a Delta disk. Once a clean recovery point is found, backup administrators can then migrate the workload to production. Veeam Data Platform provides backup administrators and security teams alike with the tools that they need to get their job done. When disaster does strike, you need to know that you can get your mission-critical data and systems back up and running in a fast and secured process. To learn more about this and many other industry-leading features, visit Veeam.com today. Veeam Data Platform Veeam.com

TL;DR

Veeam's Secure Restore integrates antivirus and YARA rule scanning directly into the VM recovery process to prevent reintroduction of threats after cyber attacks.
Administrators can restore virtual machines, NAS, file shares, and cloud workloads with granular options including disk-level, file-level, or application-level recovery.
The platform supports direct-to-cloud restore, providing flexibility when on-premises infrastructure is unavailable due to forensic investigations or insurance requirements.

Summary

This demonstration showcases Veeam Data Platform's Secure Restore capabilities for recovering virtual machines after a cyber attack without reintroducing threats. The video walks through the restore workflow, highlighting options for instant recovery of NAS, file shares, and virtual workloads with granular restore capabilities at the disk, file, or application level. A key focus is the Secure Restore function, which integrates antivirus scanning and YARA rule-based threat detection directly into the recovery process. Administrators can configure automated scanning to iterate through restore points until a clean backup is found, with options to disable network access or abort the restore if threats are detected. The demo also emphasizes the flexibility to restore directly to cloud environments, which is particularly valuable when on-premises infrastructure remains unavailable due to forensic investigations or cyber insurance requirements. The instant recovery process mounts read-only backups with delta disks for changes, allowing safe validation before migrating workloads to production.

Chapters

0:00 - Introduction to Secure Recovery
0:35 - Restore Options Overview
1:01 - Virtual Workload Restore Process
1:58 - Secure Restore Function Demo

Key Quotes

0:13 "One of the biggest challenges with a fast recovery is ensuring that you do not reintroduce the threat that took your environment down."
2:07 "For situations where antivirus may not be enough, security teams can leverage YARA rules to uncover threats that may exist within the system."
2:24 "To automate the process of finding the last clean backup, we can also select this check Box, which will iterate through all of the restore points until a clean one is found."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/23/2026

01:00 PM

06/23/2026

The AI-Powered VMware Alternative

https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
06/24/2026

11:00 AM

06/24/2026

Accelerating Through AI: A Dynamic Webinar Series

https://www.truthinit.com/index.php/channel/2012/accelerating-through-ai-a-dynamic-webinar-series/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Mastering Active Directory Certificate Services for Long-Term Success

https://www.truthinit.com/index.php/channel/2018/mastering-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

Preventing Your AI from Turning Against You: Essential Strategies

https://www.truthinit.com/index.php/channel/2021/preventing-your-ai-from-turning-against-you-essential-strategies/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/07/2026

01:00 PM

07/07/2026

A Comprehensive Demonstration of DLP Solutions and Strategies

https://www.truthinit.com/index.php/channel/2030/a-comprehensive-demonstration-of-dlp-solutions-and-strategies/
07/09/2026

01:00 PM

07/09/2026

The HUMAN Experience: Empowering Trust Through Action and Engagement

https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-trust-through-action-and-engagement/
07/14/2026

01:00 PM

07/14/2026

Crafting a Championship-Quality Security Team for Unmatched Defense

https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-quality-security-team-for-unmatched-defense/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers Revealed at the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-revealed-at-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Understanding the Dynamics of Data Privacy and Protection Regulations

https://www.truthinit.com/index.php/channel/2000/understanding-the-dynamics-of-data-privacy-and-protection-regulations/
07/28/2026

01:00 PM

07/28/2026

Illumio + Netskope: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/