Malware: Scanning Recovered VM Before Deploying to Production

Product version: 9.0

Last modified: 27 September 2019

When recovering from a virus attack, the recovered virtual machine’s data must be scanned with antivirus software before it is restored to the production environment. You can apply the following scenario to ensure the recovered virtual machine is free of malware:

  1. Prepare an antivirus installation or portable antivirus package that will be used to scan data on a recovered virtual machine.

    The software you plan to use must be up to date and contain the latest antivirus database updates.

  2. Create a virtual machine or take an existing one and add a new virtual hard disk to it. For more information, refer to the documentation for the hypervisor you use, for example, VMware vSphere.

  3. Format the newly created disk by using the Guest OS tools and upload your antivirus package to this disk. You will attach this disk to the restored virtual machine and run the antivirus software from it at a later stage.

  4. Using the existing backup, flash boot the virtual machine that you need to scan. Make sure to select the Not connect to any network option during the Destination step of the Flash VM Boot job creation wizard. Alternatively, select an isolated network from the drop-down list.

  5. Once the virtual machine is restored from a backup, attach the existing hard disk (the one with the antivirus software) to it using your hypervisor’s capabilities, for example, VMware vSphere.

  6. Power on the restored virtual machine and install or run the antivirus software to scan and cure the data on that virtual machine.

  7. After the virtual machine is scanned and freed of malware, you need to migrate it to the production environment with the Recovering VMs Using Flash Boot functionality. A detailed description is available for VMware and Hyper-V in the User Guide.
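
For a VMware vSphere environment, steps 4 to 6 can be gated with a pre-power-on check. The following VMware PowerCLI script is an added example, not part of the product or its documentation. It assumes an existing `Connect-VIServer` session and that the antivirus disk is already detached from the helper VM; the VM name, network name and datastore path are hypothetical placeholders.

```powershell
# Added example. All names below are hypothetical placeholders.
$VmName          = 'restored-vm-scan'                     # VM created by the Flash VM Boot job
$IsolatedNetwork = 'isolated-scan-net'                    # isolated network, if one was selected in step 4
$AvDiskPath      = '[datastore1] av-tools/av-tools.vmdk'  # disk prepared in steps 2-3

$vm = Get-VM -Name $VmName -ErrorAction Stop

# Step 4 check: a network adapter is acceptable only if it is disconnected
# both now and at power-on, or if it is attached to the isolated network.
$unsafe = @(Get-NetworkAdapter -VM $vm | Where-Object {
    ($_.ConnectionState.Connected -or $_.ConnectionState.StartConnected) -and
    $_.NetworkName -ne $IsolatedNetwork
})

if ($unsafe.Count -gt 0) {
    # List the offending adapters, then stop before the VM can be powered on.
    $unsafe | Select-Object Name, NetworkName | Out-String | Write-Warning
    throw "Refusing to continue: $($unsafe.Count) adapter(s) on '$VmName' can reach a non-isolated network."
}

# Step 5: attach the prepared antivirus disk unless it is already present.
$attached = Get-HardDisk -VM $vm | Where-Object { $_.Filename -eq $AvDiskPath }
if (-not $attached) {
    New-HardDisk -VM $vm -DiskPath $AvDiskPath -Confirm:$false | Out-Null
}

# Step 6: power on only after the isolation check has passed.
if ($vm.PowerState -ne 'PoweredOn') {
    Start-VM -VM $vm -Confirm:$false | Out-Null
}
```

If the script stops at the isolation check, disconnect the listed adapters or move them to the isolated network before powering on the virtual machine.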