Technical Tip: Veeam Backup & Replication fails sporadically with FortiEDR collector running in parallel

rduggal_FTNT · ‎11-29-2024

Description

This article describes how to exclude Veeam backup and replication processes from FortiEDR security monitoring.

Scope

Applies to both On-prem and cloud FortiEDR deployments.

Solution

Login to FortiEDR Manager -> Security Settings -> Exclusion Manager -> Add a new list and name it 'Veeam' -> Add the required collector group to it -> Add the following Process and Execution Prevention exclusions for each path:

On a Veeam Backup Server:

*\Program Files\Veeam\
*\Program Files\Veeam\*
*\Program Files (x86)\Veeam\
*\Program Files (x86)\Veeam\*
*\Program Files\Common Files\Veeam\
*\Program Files\Common Files\Veeam\*
*\Program Files (x86)\Common Files\Veeam\
*\Program Files (x86)\Common Files\Veeam\*
*\ProgramData\Veeam\
*\ProgramData\Veeam\*
*\VeeamFLR\
*\VeeamFLR\*
*\Windows\Veeam\
*\Windows\Veeam\*
*\ProgramData\Veeam\
*\ProgramData\Veeam\*
*\Windows\Temp\VeeamBackup\
*\Windows\Temp\VeeamBackup\*
*\Windows\Temp\VeeamBackupTemp\
*\Windows\Temp\VeeamBackupTemp\*
*\Windows\Temp\veeamdumprecorder\
*\Windows\Temp\veeamdumprecorder\*
*\Windows\TEMP\VeeamForeignSessionContext*\
*\Windows\TEMP\VeeamForeignSessionContext*\*

On the Guest OS of Protected Machines:

*\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\
*\Program Files\Common Files\Veeam\Backup and Replication\Veeam Guest Agent\*
*\programdata\Veeam\
*\programdata\Veeam\*
*\VeeamVssSupport\
*\VeeamVssSupport\*
*\VeeamVssSupport\
*\VeeamVssSupport\*
*\Windows\Temp\Veeam\
*\Windows\Temp\Veeam\*
*\Windows\Temp\VeeamBackupTemp\
*\Windows\Temp\VeeamBackupTemp\*
*\Windows\Veeam\Backup\
*\Windows\Veeam\Backup\*
*\Program Files (x86)\Veeam\Backup Transport\
*\Program Files (x86)\Veeam\Backup Transport\*
*\Program Files\Veeam\CDP Proxy Service\
*\Program Files\Veeam\CDP Proxy Service\*
*\Program Files\Common Files\Veeam\Backup and Replication\
*\Program Files\Common Files\Veeam\Backup and Replication\*
*\VeeamFLR\
*\VeeamFLR\*
*\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\
*\Program Files\Common Files\Veeam\Backup and Replication\Log Backup Service\*

The following are required for Veeam Remote Tape access service:

*\Program Files (x86)\Veeam\Backup Tape\
*\Program Files (x86)\Veeam\Backup Tape\*

Below are required for Veeam backup cloud gateway:

*\Program Files (x86)\Veeam\Backup Gate\
*\Program Files (x86)\Veeam\Backup Gate\*

On SQL Servers when SQL Server Transaction Log Backup is enabled:

*\VeeamLogShipper\
*\VeeamLogShipper\*

For Veeam Hyper-V Integration:

*\Program Files\Veeam\Hyper-V Integration\
*\Program Files\Veeam\Hyper-V Integration\*

Example as below:

For more information about how to define an exclusion, refer to this document.

If there are still any problems encountered, open a new technical support ticket for further assistance: Support Fortinet.