[KB6718] ESET Virtualization Security for VMware NSX – Infected files are not cleaned when using a backup software

Issue

  • Backup software fails to complete backup task or hangs during backup
  • Source file is not cleaned if infected

Solution

Workaround

Run an On-demand scan on directories to be backed up before each manual or scheduled backup task. This should ensure that during a backup that no suspicious files are present and the backup will complete successfully.

Details

Most backup software used Shadow copy technology (it allows copies of files/volumes while in use to be made) and integrity check. Before backup, a snapshot of each file to be backed up is created (or a volume snapshot is created if entire volume is about to be backed up) and then the files are backed up from the created snapshot. However, VMware Guest Introspection is not able to detect creation of file snapshots, so the original files are not checked against malware during this operation. But if there is some infection inside a snapshot, access to the corresponding file in a volume snapshot is denied and the infection is cleaned by EVS. However, some backup software is not ready for the access to a file be denied or the file to be modified, therefore they either freeze or encounter errors as they check the file for integrity (for instance they report missing files, etc.).