According to Veeam, the new Veeam Threat Hunter service scanning process might be interrupted by existing antivirus software on mount hosts. To prevent interference from security software, the following folder should be excluded on all Mount Servers. As you can see, they have recommended the exclusion of the folder “Threat Hunter”. Therefore, in this article, I will show you the steps to mitigate Veeam Threat Hunter Service Scanning Interference. Please see how to Unable to Turn Bluetooth On or Off on Mac, and how to configure and validate Exclusions for Microsoft Defender Antivirus scans.
Veeam Threat Hunter is a signature-based scan engine provided by Veeam. It is used as an alternative to third-party antivirus software to scan the restore points. The Veeam Threat Hunter Service is automatically installed on a mount server and runs in the background.
Note: According to Gostev response to this question “Will I be good to install? Or do I need to add the exclusions in CrowdStrike?” on Reddit, and I quote, “Hard to say before you try installing. Impossible to predict what any given 3rd party antivirus software will treat as suspicious. But if you never had to do this before so most likely you will not have issues also this time.“.
Please click Next to proceed. A lot of customers have not had the need to create an exception, while others do.
Please see how to Permit a Blocked File or App in Windows Security Manually, how to How to restore quarantined files in Microsoft Defender Antivirus, and how to install and configure Veeam Backup and Replication Community Edition.
Create an Exception on Windows Defender Firewall
My take is if you are not having issues with it, you should also create an exception, as this is recommended by Veeam. For those using Windows Defender and feel the need to create an exclusion, below are the steps to follow.
To prevent Windows Defender from blocking the Veeam Threat Hunter service scanning process. Press Win + S, type Windows Security, and open it. Then click on “Virus & threat protection”
Scroll down and click “Manage settings” under Virus & threat protection settings.
Under “Exclusions”, click “Add or remove exclusions”.
Hit the “Add an exclusion” button
Select “Folder” according to the documentation and naviagte to the path below.
C:\Program Files\Veeam\Backup and Replication\Threat Hunter\
Please select the Threat Hunter Folder as shown below
As you can see below, we have successfully excluded the Threat Hunter Folder as recommended in the following kb1999 article.
Do not forget to restart the Veeam Threat Hunter service using the command below or directly from the Services Manager
Start-Service -Name "VeeamThreatHunter"
Please see Upgrade Veeam Backup and Replication to version 12.2, how to update Veeam Backup and Replication [VBR], and how to stay protected on Windows 10 and 11 device with Windows Security.
Add Threat Hunter Exceptions Via PowerShell
Please use the command below if you prefer working with PowerShell. Ensure you run PowerShell as an Administrator as shown below.
Add-MpPreference -ExclusionPath "C:\Program Files\Veeam\Backup and Replication\Threat Hunter\"
Enable Malware Detection Settings
To enable this feature, navigate to the Veeam Console main menu > Malware Detection > Signature Detection tab or use the alternative step below.
I hope you found this article very useful on how to mitigate Veeam Threat Hunter Service Scanning Interference.
