



Scanning for Malware without affecting your Machine’s Real-time activities and Performance

Published on September 14, 2020

Malware infects backups quite often. Some companies can scan backups in a centralized location but it takes a lot of time to perform consecutive regular scans. Active malware can also infect unpatched disk images all over again. Daily or even weekly full disk on-demand scans take a lot of time and often can’t be done in non-working time, meaning employees are constantly disturbed by scans and can lose productivity.

A typical systems administrator has to deal with a lot of machines and their corresponding backups. As part of that work, they need to deal with all of the issues mentioned above and be prepared for other challenges. For example, backed up system drives aren’t the only components susceptible to malware. A device’s OS and third-party apps can also become gateways of infection.

Backup and anti-malware are two essential parts of a modern endpoint security posture. While scanning for malware is usually performed before doing a backup, there are many cases when malware makes its way into backup images. This can happen because of the limited detection capabilities of an average anti-malware solution or because a backup was done before the anti-malware scan.

Full scans of large archives (including backups) to detect malware require considerable time and computational resources. As a result, they’re often not an efficient use of time and resources. That said, scanning archives becomes especially critical if the archives are not stored locally, but in cloud storage, because the speed of access to an archive in the cloud may be significantly slower than accessing a local storage device (depending on the speed of the network or communication channel being used, and/or how heavily-loaded the channel is). Additionally, if any viruses and/or malicious files are found in the archive, the archive is considered damaged or infected, and may not be suitable for use in a system recovery or for file and data extraction.

Historically, to avoid restoring data that’s infected, archives were periodically scanned with anti-virus scanners during storage, when new slices are added to the archive, and/or before restoring the data. However, today there is no solution that allows for custom archive scans in terms of timing or scope. Instead, solutions are forced to scan the entire archive. Furthermore, damaged or infected data in archives cannot be repaired.

Patching machines and applying the latest anti-malware definitions allows sysadmins to restore an OS image that’s ready to withstand a recurring infection. Scanning backups for malware effectively in a centralized location is another necessary step to ensure safe restores and safe data storage. This is what NetShop’s Cyber Protect solution (powered by Acronis) provides.

Through Acronis Cyber Protect, users can scan full disk backups at a centralized location (Acronis Cloud or an on-premises server, with the ability to expand support for Amazon, Google, Microsoft, or any other popular cloud storage environment in the future) to find potential vulnerabilities and malware infections, thus ensuring a malware-free backup for a malware-free restore, should it become necessary.

It is now possible to inspect not only one big backup but also individual archived slices for malware. The first of several slices in a backup archive is mounted to a disk, where that slice is an image of the user data at a first point in time. Acronis technology can then detect a modified block of the mounted slice, identify the files in the mounted slice that correspond to the detected modified block, and scan only those files for viruses and other malicious software. This approach also allows Acronis to generate a cured slice that comprises the user data of the mounted slice without the malicious files. By scanning in centralized locations, Acronis Cyber Protect allows users to:

  • Reduce loads on client endpoints
  • Restore only clean data
  • Increase the potential of rootkit and bootkit detections (which are not easily detected during the first on-access or on-demand scans)

TIP: Do quick scans of endpoints and the remaining scan in the centralized location after backup. This ensures you don’t need to compromise between performance and security with Acronis Cyber Protect.
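
The incremental selection described above, as an added example (not Acronis or NetShop code): compare per-block digests of two slices, then use a file-to-block extent map to queue only the files that overlap a modified block. The 4096-byte block size, the sample images and the extent map are constructed assumptions.

```python
import hashlib
from bisect import bisect_left

BLOCK = 4096  # assumed block size

def block_digests(image):
    """SHA-256 digest of every fixed-size block in a slice image."""
    return [hashlib.sha256(image[i:i + BLOCK]).digest()
            for i in range(0, len(image), BLOCK)]

def modified_blocks(prev, curr):
    """Indexes of blocks in curr that differ from prev or did not exist in prev."""
    a, b = block_digests(prev), block_digests(curr)
    return [i for i, d in enumerate(b) if i >= len(a) or a[i] != d]

def files_to_scan(extents, changed):
    """Paths with at least one (first_block, count) extent covering a changed block."""
    changed = sorted(changed)
    hits = []
    for path, runs in extents.items():
        for first, count in runs:
            k = bisect_left(changed, first)  # first changed block >= extent start
            if k < len(changed) and changed[k] < first + count:
                hits.append(path)
                break  # one overlapping extent is enough to queue the file
    return sorted(hits)

# Constructed sample: an 8-block earlier slice and a later slice in which
# block 5 was overwritten and block 8 was appended.
PREV = b"".join(bytes([i]) * BLOCK for i in range(8))
CURR = PREV[:5 * BLOCK] + b"\xff" * BLOCK + PREV[6 * BLOCK:] + b"\x42" * BLOCK

# Constructed extent map; a real one comes from the mounted slice's filesystem.
EXTENTS = {
    "/Windows/notepad.exe": [(0, 2)],
    "/Users/a/report.docx": [(2, 1), (5, 1)],  # fragmented file
    "/Users/a/notes.txt": [(3, 2)],
    "/pagefile.sys": [(6, 2)],
    "/Users/a/new.bin": [(8, 1)],
}

if __name__ == "__main__":
    changed = modified_blocks(PREV, CURR)
    print("modified blocks:", changed)
    print("files queued for scanning:", files_to_scan(EXTENTS, changed))
```

Only two of the five files are queued here, which is the saving over rescanning the whole archive each time a slice is added.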

Contact our Cyber Security Specialists today for a free consultation and instant access to your Cyber Protect account.