Capture Client - Interoperability with Veeam Backup and Replication
03/26/2020
This is a workaround to address Capture Client interoperability issues with Veeam Backup and Replication.
NOTE: If you deploy this solution, the Capture Client (S1 Agent) will not be able to protect the affected endpoints from exploits directed at the application vulnerabilities.
1) Go to https://captureclient.sonicwall.com and log in using your MySonicWall credentials.
2) Navigate to Security Policies > Capture Client policies and add a custom Capture Client policy (if there are no custom policies already), and also add one custom Threat Protection policy (e.g. Veeam Exclusions).
3) Navigate to Security Policies > Threat Protection policy, click the edit button on that custom policy, select Path as the exclusion type, specify the Veeam path, type in a description, select the OS type and click Add. Turn off the Monitor option in each of the exclusions added.
4) Repeat Step 3 to add all of the following Veeam folders as exclusions.
In summary, the recommendation is to exclude these files and processes on all Veeam servers (including the Veeam backup server, proxy server, repository server, WAN accelerator server, tape server, and others):
C:\Program Files\Common Files\Veeam
C:\Program Files (x86)\Common Files\Veeam
C:\Program Files\Veeam\Hyper-V Integration\VeeamHvWmiProxy.exe
VBRCatalog ([HKLM\SOFTWARE\Veeam\Veeam Backup Catalog] CatalogPath value)
NFS (Configured in each repository, stored in [HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam NFS] RootFolder value)
All Veeam repository folders
All Veeam WAN accelerator folders
Folder on VM Guest OS (if VSS is used)
5) Navigate to Security Policies > Threat Protection, click the edit button on the policy you have added and associate it with the Capture Client policy to which you would like the exclusions applied.
6) Navigate to Protect > Devices and update the policy to which you would like the exclusion policy pushed.
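To collect the exact values to enter in Steps 3 and 4 on a given Veeam server, the following added example (not SonicWall or Veeam code) resolves the fixed paths and the two registry-defined folders from the list above and reports whether each exists. The function name `Get-VeeamExclusionPath`, the `-ExtraPaths` parameter and the sample folder `D:\Backups` are assumptions made for illustration.

```powershell
# Added example. Run in an elevated 64-bit PowerShell session on each Veeam server.
function Get-VeeamExclusionPath {   # hypothetical helper name
    param(
        # Site-specific folders from Step 4 that cannot be discovered here:
        # repository folders, WAN accelerator folders, VM guest folder (if VSS is used).
        [string[]]$ExtraPaths = @()
    )

    # Fixed paths from the exclusion list, built from the system environment variables.
    $entries = @(
        @{ Source = 'Fixed path'; Path = (Join-Path $env:CommonProgramFiles 'Veeam') }
        @{ Source = 'Fixed path'; Path = (Join-Path ${env:CommonProgramFiles(x86)} 'Veeam') }
        @{ Source = 'Fixed path'; Path = (Join-Path $env:ProgramFiles 'Veeam\Hyper-V Integration\VeeamHvWmiProxy.exe') }
    )

    # Folders whose location is stored in the registry values named in the list.
    $registryValues = @(
        @{ Key = 'HKLM:\SOFTWARE\Veeam\Veeam Backup Catalog'; Name = 'CatalogPath' }
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Veeam\Veeam NFS'; Name = 'RootFolder' }
    )
    foreach ($rv in $registryValues) {
        $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
        $path = $null
        if ($item) { $path = $item.($rv.Name) }
        $entries += @{ Source = "$($rv.Key) [$($rv.Name)]"; Path = $path }
    }

    foreach ($p in $ExtraPaths) {
        $entries += @{ Source = 'Site-specific'; Path = $p }
    }

    # Report each candidate so only paths that exist on this role are excluded.
    foreach ($e in $entries) {
        if (-not $e.Path) {
            $status = 'Registry value not set'
        } elseif (Test-Path -LiteralPath $e.Path) {
            $status = 'Present'
        } else {
            $status = 'Not found on this server'
        }
        [pscustomobject]@{ Source = $e.Source; Path = $e.Path; Status = $status }
    }
}

# 'D:\Backups' is a constructed sample repository folder; replace it with your own.
Get-VeeamExclusionPath -ExtraPaths 'D:\Backups' | Format-Table -AutoSize -Wrap
```

Because excluded paths are no longer monitored, add only the entries reported as present for that server's role.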