cancel
Showing results for 
Search instead for 
Did you mean: 

Backup Exec 16 Process

BenyaminBaba
Level 2

Hello everyone,
In recent days, antivirus software has been installed on our server environment.
I get logs about copying files from these processors in the machines:
C: \ Windows \ System32 \ wbem \ WmiPrvSE.exe
c: \ windows \ system32 \ vds.exe
C: \ Program Files \ Veritas \ Backup Exec \ RAWS \ beremote.exe
c: \ program files \ veritas \ backup exec \ raws \ beremote.exe
c: \ windows \ system32 \ wbem \ wmiprvse.exe

I wanted to ask if the software uses these processors? Or should I worry about a break-in?

I must note that the logs come from other servers in the network ..
On these servers of course ran a backup.

I would appreciate your help..

3 REPLIES 3

PJ_Backup
Moderator
Moderator
Employee

Not sure I fully understand what you're asking, however please refer to the following technote regarding the list of anti-virus exclusions to configure for Backup Exec:
https://www.veritas.com/support/en_US/article.100046324

We would also recommend you upgrade to the latest version of BE (currently 21.4) as since 20.4 Backup Exec has had a new feature called “Ransomware Resilience”.which provides an extra layer of security by blocking any non-Veritas process from writing to a backup disk or deduplication storage location. More info here:
https://www.veritas.com/support/en_US/article.100049101 

if this is what you were referring to when you mentioned a break-in.

Hi thanks for the answer,
What you sent me is a List of Anti-virus exclusions to configure for Backup Exec, and I need to know what the guest server exceptions are in the backup.

PJ_Backup
Moderator
Moderator
Employee

The third section of that technote does refer to remote clients (for processes) though I would be tempted to use the same exclusions as for the Backup Exec server - but only the files/folders/processes where they actually exist on the remote server, if that makes sense.