{"id":20255,"date":"2024-08-28T15:28:13","date_gmt":"2024-08-28T08:28:13","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=20255"},"modified":"2025-03-24T07:27:22","modified_gmt":"2025-03-24T07:27:22","slug":"phuong-phap-scan-inline-trong-veeam-backup-replication","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/phuong-phap-scan-inline-trong-veeam-backup-replication\/","title":{"rendered":"PH\u01af\u01a0NG PH\u00c1P SCAN INLINE TRONG VEEAM BACKUP &#038; REPLICATION"},"content":{"rendered":"\n<p><strong>1.Scan Inline&nbsp;<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 qu\u00e9t c\u00e1c kh\u1ed1i trong lu\u1ed3ng d\u1eef li\u1ec7u (data stream), Veeam Backup &amp; Replication s\u1eed d\u1ee5ng ph\u00e2n t\u00edch entropy tr\u1ef1c tuy\u1ebfn. Trong qu\u00e1 tr\u00ecnh backup job, ho\u1ea1t \u0111\u1ed9ng ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i sau c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c t\u1ec7p tin b\u1ecb m\u00e3 h\u00f3a b\u1edfi ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i: M\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd \u0111\u01b0\u1ee3c t\u1ea1o ra n\u1ebfu l\u01b0\u1ee3ng d\u1eef li\u1ec7u b\u1ecb m\u00e3 h\u00f3a v\u01b0\u1ee3t qu\u00e1 gi\u1edbi h\u1ea1n nh\u1ea1y c\u1ea3m c\u1ee7a qu\u00e1 tr\u00ecnh qu\u00e9t.<\/li>\n\n\n\n<li>C\u00e1c d\u1ea5u hi\u1ec7u v\u0103n b\u1ea3n \u0111\u01b0\u1ee3c t\u1ea1o ra b\u1edfi ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i:<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u0110\u1ecba ch\u1ec9 V3 onion bao g\u1ed3m 56 k\u00fd t\u1ef1 theo \u0111\u1ecbnh d\u1ea1ng [a-z2-7]{56}.onion. V\u00ed d\u1ee5: vykenniek4sagugiayj3z32rpyrinoadduprjtdy4wharue6cz7zudid.onion.<\/li>\n\n\n\n<li>C\u00e1c ghi ch\u00fa ransomware \u0111\u01b0\u1ee3c t\u1ea1o ra b\u1edfi Medusa v\u00e0 Clop.<\/li>\n<\/ul>\n\n\n\n<p>M\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd \u0111\u01b0\u1ee3c t\u1ea1o ra n\u1ebfu m\u1ed9t \u0111i\u1ec3m kh\u00f4i ph\u1ee5c (restore point) m\u1edbi ch\u1ee9a nhi\u1ec1u \u0111\u1ecba ch\u1ec9 onion ho\u1eb7c ghi ch\u00fa ransomware h\u01a1n so v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u01b0\u1edbc \u0111\u00f3 \u0111\u01b0\u1ee3c ch\u1ecdn \u0111\u1ec3 so s\u00e1nh. N\u1ebfu c\u1ea3 hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c ch\u1ee9a c\u00f9ng s\u1ed1 l\u01b0\u1ee3ng \u0111\u1ecba ch\u1ec9 onion ho\u1eb7c ghi ch\u00fa ransomware, m\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd kh\u00f4ng \u0111\u01b0\u1ee3c t\u1ea1o ra.&nbsp;<\/p>\n\n\n\n<p><strong>L\u01b0u \u00fd<\/strong>: Scan Inline b\u1ecb t\u1eaft theo m\u1eb7c \u0111\u1ecbnh khi b\u1ea1n c\u00e0i \u0111\u1eb7t ho\u1eb7c n\u00e2ng c\u1ea5p l\u00ean Veeam Backup &amp; Replication 12.1 (build 12.1.0.2131). N\u1ebfu b\u1ea1n mu\u1ed1n s\u1eed d\u1ee5ng ch\u1ee9c n\u0103ng n\u00e0y, h\u00e3y l\u01b0u \u00fd r\u1eb1ng n\u00f3 c\u00f3 th\u1ec3 t\u0103ng m\u1ee9c s\u1eed d\u1ee5ng CPU (trung b\u00ecnh 10-15%) tr\u00ean backup proxy ho\u1eb7c Veeam agent t\u00f9y thu\u1ed9c v\u00e0o lo\u1ea1i kh\u1ed1i l\u01b0\u1ee3ng c\u00f4ng vi\u1ec7c v\u00e0 l\u01b0\u1ee3ng d\u1eef li\u1ec7u.<\/p>\n\n\n\n<p><strong>2.C\u00e1c t\u00ecnh hu\u1ed1ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3<\/strong><\/p>\n\n\n\n<p>B\u1ea1n c\u00f3 th\u1ec3 qu\u00e9t c\u00e1c kh\u1ed1i trong lu\u1ed3ng d\u1eef li\u1ec7u khi sao l\u01b0u c\u00e1c m\u00e1y sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c m\u00e1y \u1ea3o VMware bao g\u1ed3m c\u00e1c m\u00e1y \u1ea3o VMware Cloud Director<\/li>\n\n\n\n<li>C\u00e1c m\u00e1y \u1ea3o Hyper-V<\/li>\n\n\n\n<li>C\u00e1c m\u00e1y s\u1eed d\u1ee5ng Veeam Agent for Microsoft Windows ho\u1ea1t \u0111\u1ed9ng trong ch\u1ebf \u0111\u1ed9 \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd b\u1edfi backup server (volume-level backup only)<\/li>\n<\/ul>\n\n\n\n<p><strong>3.Y\u00eau c\u1ea7u v\u00e0 h\u1ea1n ch\u1ebf<\/strong><\/p>\n\n\n\n<p>Scan inline c\u00f3 c\u00e1c y\u00eau c\u1ea7u v\u00e0 h\u1ea1n ch\u1ebf sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00ednh n\u0103ng qu\u00e9t ch\u1ec9 \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 cho c\u00e1c \u1ed5 \u0111\u0129a \u0111\u01a1n gi\u1ea3n v\u00e0 cho c\u00e1c h\u1ec7 th\u1ed1ng t\u1ec7p sau: NTFS, ext4, ext3, ext2.<\/li>\n\n\n\n<li>Qu\u00e9t \u1ed5 \u0111\u0129a \u0111\u1ed9ng v\u00e0 \u1ed5 \u0111\u0129a \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a b\u1edfi BitLocker kh\u00f4ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3.<\/li>\n\n\n\n<li>\u0110\u1ec3 l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware, b\u1ea1n c\u1ea7n c\u00f3 \u0111\u1ee7 dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a tr\u00ean m\u00e1y ch\u1ee7 d\u1ef1 ph\u00f2ng. Vi\u1ec7c t\u00ednh to\u00e1n dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a d\u1ef1a tr\u00ean d\u1eef li\u1ec7u sau:\n<ul class=\"wp-block-list\">\n<li>S\u1ed1 l\u01b0\u1ee3ng m\u00e1y.<\/li>\n\n\n\n<li>Dung l\u01b0\u1ee3ng \u0111\u0129a \u0111\u00e3 s\u1eed d\u1ee5ng tr\u00ean m\u1ed7i m\u00e1y.<\/li>\n\n\n\n<li>S\u1ed1 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u00ean m\u1ed7i m\u00e1y.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Vi\u1ec7c l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware tr\u00ean m\u1ed7i m\u00e1y c\u1ea7n kho\u1ea3ng 270 KB dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a tr\u00ean backup server cho m\u1ed7i 10 GB dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a \u0111\u00e3 s\u1eed d\u1ee5ng nh\u00e2n v\u1edbi s\u1ed1 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5: m\u1ed9t m\u00e1y c\u00f3 200 GB dung l\u01b0\u1ee3ng \u0111\u00e3 s\u1eed d\u1ee5ng v\u00e0 10 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c. Vi\u1ec7c l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware cho m\u00e1y n\u00e0y c\u1ea7n 54 MB (270 KB * 20 * 10 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c d\u1ea5u hi\u1ec7u v\u0103n b\u1ea3n s\u1ebd ch\u1ec9 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n n\u1ebfu c\u00e1c \u0111i\u1ec1u ki\u1ec7n sau \u0111\u01b0\u1ee3c \u0111\u00e1p \u1ee9ng:\n<ul class=\"wp-block-list\">\n<li>K\u00edch th\u01b0\u1edbc kh\u1ed1i c\u1ee7a h\u1ec7 th\u1ed1ng t\u1ec7p l\u00e0 4 KB.<\/li>\n\n\n\n<li>T\u1ec7p v\u0103n b\u1ea3n c\u00f3 m\u00e3 h\u00f3a UTF-8.<\/li>\n\n\n\n<li>T\u1ec7p v\u0103n b\u1ea3n kh\u00f4ng \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef trong Master File Table (MFT).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Vi\u1ec7c ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u1edf tr\u1ea1ng th\u00e1i &#8220;sleeping&#8221; kh\u00f4ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3.<\/li>\n\n\n\n<li>M\u1ed9t s\u1ed1 lo\u1ea1i t\u1ec7p c\u00f3 th\u1ec3 b\u1ecb \u0111\u00e1nh d\u1ea5u nh\u1ea7m l\u00e0 \u0111\u00e1ng ng\u1edd trong qu\u00e1 tr\u00ecnh qu\u00e9t tr\u1ef1c tuy\u1ebfn scan inline, v\u00ed d\u1ee5 nh\u01b0 c\u00e1c g\u00f3i Linux n\u00e9n b\u1eb1ng LZMA, c\u00e1c t\u1ec7p \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a b\u1eb1ng Windows EFS, c\u00e1c t\u1ec7p ISO c\u1ee5 th\u1ec3,.. N\u1ebfu b\u1ea1n c\u00f3 nh\u1eefng t\u1ec7p nh\u01b0 v\u1eady, b\u1ea1n c\u00f3 th\u1ec3 \u0111\u00e1nh d\u1ea5u c\u00e1c s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i li\u00ean quan l\u00e0 d\u01b0\u01a1ng t\u00ednh gi\u1ea3 (false-positive).<\/li>\n<\/ul>\n\n\n\n<p><strong>4.C\u00e1ch scan inline ho\u1ea1t \u0111\u1ed9ng<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 scan inline, t\u00ednh n\u0103ng ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i ho\u1ea1t \u0111\u1ed9ng theo c\u00e1ch sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Trong qu\u00e1 tr\u00ecnh sao l\u01b0u, Veeam Backup &amp; Replication ph\u00e2n t\u00edch si\u00eau d\u1eef li\u1ec7u c\u1ee7a c\u00e1c kh\u1ed1i d\u1eef li\u1ec7u v\u00e0 l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware trong th\u01b0 m\u1ee5c t\u1ea1m th\u1eddi tr\u00ean backup proxy. M\u1ed9t t\u1ec7p tin \u1edf \u0111\u1ecbnh d\u1ea1ng RIDX \u0111\u01b0\u1ee3c t\u1ea1o cho m\u1ed7i \u0111\u0129a v\u00e0 ch\u1ee9a c\u00e1c th\u00f4ng tin sau:\n<ul class=\"wp-block-list\">\n<li>Si\u00eau d\u1eef li\u1ec7u c\u1ee7a \u0111\u0129a (t\u00ean \u0111\u0129a, th\u1eddi gian t\u1ea1o, dung l\u01b0\u1ee3ng \u0111\u0129a, dung l\u01b0\u1ee3ng \u0111\u00e3 s\u1eed d\u1ee5ng, k\u00edch th\u01b0\u1edbc sector, b\u1ea3ng ph\u00e2n v\u00f9ng)<\/li>\n\n\n\n<li>D\u1eef li\u1ec7u ransomware cho m\u1ed7i kh\u1ed1i d\u1eef li\u1ec7u (d\u1eef li\u1ec7u m\u00e3 h\u00f3a, lo\u1ea1i t\u1ec7p tin, \u0111\u1ecba ch\u1ec9 onion, ghi ch\u00fa ransomware)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>L\u01b0u \u00fd: N\u1ebfu c\u00e1c ti\u00eau \u0111\u1ec1 LZMA \u0111\u01b0\u1ee3c t\u00ecm th\u1ea5y, ch\u00fang s\u1ebd b\u1ecb lo\u1ea1i tr\u1eeb kh\u1ecfi t\u00ednh to\u00e1n d\u1eef li\u1ec7u m\u00e3 h\u00f3a \u0111\u1ec3 gi\u1ea3m thi\u1ec3u s\u1ed1 l\u01b0\u1ee3ng c\u00e1c s\u1ef1 ki\u1ec7n d\u01b0\u01a1ng t\u00ednh gi\u1ea3.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Khi backup job ho\u00e0n t\u1ea5t, d\u1eef li\u1ec7u ransomware \u0111\u01b0\u1ee3c l\u01b0u trong th\u01b0 m\u1ee5c VBRCatalog tr\u00ean backup server. Theo m\u1eb7c \u0111\u1ecbnh, \u0111\u01b0\u1eddng d\u1eabn l\u00e0 %volume%:\\VBRCatalog\\Index\\Machines%machine_name%%date%%guid%\\ransomwareidx. Veeam Guest Catalog Service s\u1ebd th\u00f4ng b\u00e1o cho Veeam Data Analyzer Service v\u1ec1 d\u1eef li\u1ec7u m\u1edbi c\u1ea7n \u0111\u01b0\u1ee3c qu\u00e9t.<\/li>\n\n\n\n<li>Veeam Data Analyzer Service ki\u1ec3m tra k\u1ebft qu\u1ea3 qu\u00e9t g\u1ea7n nh\u1ea5t trong t\u1ec7p tin RansomwareIndexAnalyzeState.xml n\u1eb1m trong th\u01b0 m\u1ee5c VBRCatalog v\u00e0 kh\u1edfi t\u1ea1o m\u1ed9t qu\u00e1 tr\u00ecnh qu\u00e9t tr\u1ef1c tuy\u1ebfn m\u1edbi. Qu\u00e1 tr\u00ecnh qu\u00e9t c\u0169ng \u0111\u01b0\u1ee3c kh\u1edfi t\u1ea1o n\u1ebfu Veeam Data Analyzer Service nh\u1eadn \u0111\u01b0\u1ee3c d\u1eef li\u1ec7u l\u1eadp ch\u1ec9 m\u1ee5c m\u1edbi sau khi d\u1ecbch v\u1ee5 b\u1eaft \u0111\u1ea7u.<\/li>\n\n\n\n<li>Trong qu\u00e1 tr\u00ecnh qu\u00e9t, Veeam Data Analyzer Service so s\u00e1nh \u0111i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c s\u1edbm nh\u1ea5t \u0111\u01b0\u1ee3c t\u1ea1o trong 25 gi\u1edd qua. V\u00ed d\u1ee5, hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra 10 v\u00e0 5 gi\u1edd tr\u01b0\u1edbc. \u0110i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi s\u1ebd \u0111\u01b0\u1ee3c so s\u00e1nh v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra 10 gi\u1edd tr\u01b0\u1edbc.<\/li>\n\n\n\n<li>N\u1ebfu \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u01b0\u1edbc \u0111\u00f3 kh\u00f4ng \u0111\u01b0\u1ee3c t\u1ea1o trong 25 gi\u1edd qua, d\u1ecbch v\u1ee5 s\u1ebd c\u1ed1 g\u1eafng t\u00ecm \u0111i\u1ec3m kh\u00f4i ph\u1ee5c g\u1ea7n nh\u1ea5t \u0111\u01b0\u1ee3c t\u1ea1o ra trong 30 ng\u00e0y qua. V\u00ed d\u1ee5, hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra c\u00e1ch \u0111\u00e2y 2 ng\u00e0y v\u00e0 10 ng\u00e0y. \u0110i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi s\u1ebd \u0111\u01b0\u1ee3c so s\u00e1nh v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra c\u00e1ch \u0111\u00e2y 2 ng\u00e0y.<\/li>\n\n\n\n<li>Veeam Data Analyzer Service so s\u00e1nh c\u00e1c t\u1ec7p RIDX cu\u1ed1i c\u00f9ng v\u00e0 tr\u01b0\u1edbc \u0111\u00f3, \u0111\u1ed3ng th\u1eddi c\u1eadp nh\u1eadt t\u1ec7p RansomwareIndexAnalyzeState.xml. N\u1ebfu ph\u00e1t hi\u1ec7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i, d\u1ecbch v\u1ee5 s\u1ebd t\u1ea1o s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i v\u00e0 \u0111\u00e1nh d\u1ea5u c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng l\u00e0 \u0111\u00e1ng ng\u1edd.<\/li>\n\n\n\n<li>N\u1ebfu kh\u00f4ng t\u00ecm th\u1ea5y t\u1ec7p RIDX tr\u01b0\u1edbc \u0111\u00f3, Veeam Data Analyzer Service s\u1ebd th\u1ef1c hi\u1ec7n thao t\u00e1c \u0111\u1ecdc to\u00e0n b\u1ed9 \u0111\u0129a \u0111\u1ec3 t\u1ea1o t\u1ec7p RIDX. Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y, phi\u00ean c\u00f4ng vi\u1ec7c s\u1ebd k\u00e9o d\u00e0i h\u01a1n b\u00ecnh th\u01b0\u1eddng nh\u01b0ng k\u00edch th\u01b0\u1edbc c\u1ee7a t\u1ec7p sao l\u01b0u gia t\u0103ng s\u1ebd kh\u00f4ng b\u1ecb \u1ea3nh h\u01b0\u1edfng. Trong qu\u00e1 tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng n\u00e0y, t\u00f9y ch\u1ecdn Theo d\u00f5i kh\u1ed1i \u0111\u00e3 thay \u0111\u1ed5i (CBT) s\u1ebd kh\u00f4ng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng.<\/li>\n\n\n\n<li>Thao t\u00e1c \u0111\u1ecdc to\u00e0n b\u1ed9 \u0111\u0129a c\u0169ng s\u1ebd \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n n\u1ebfu b\u1ea1n th\u00eam \u0111\u0129a m\u1edbi v\u00e0o VM.<\/li>\n<\/ul>\n\n\n\n<p><strong>5.K\u00edch ho\u1ea1t scan inline&nbsp;<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 b\u1eadt scan inline, h\u00e3y l\u00e0m nh\u01b0 sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u1eeb menu ch\u00ednh, ch\u1ecdn <strong>Malware Detection<\/strong> > <strong>General.<\/strong><\/li>\n\n\n\n<li>\u1edf <strong>Encryption detection<\/strong> > <strong>Enable inline entropy analysis.<\/strong><\/li>\n\n\n\n<li>Ch\u1ec9 \u0111\u1ecbnh \u0111\u1ed9 nh\u1ea1y qu\u00e9t t\u00f9y thu\u1ed9c v\u00e0o d\u1eef li\u1ec7u sao l\u01b0u v\u00e0 kh\u1ea3 n\u0103ng c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng sao l\u01b0u c\u1ee7a b\u1ea1n. Gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh l\u00e0 Normal.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"709\" height=\"517\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication.png\" alt=\"\" class=\"wp-image-20257\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication.png 709w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-600x438.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-300x219.png 300w\" sizes=\"auto, (max-width: 709px) 100vw, 709px\" \/><\/figure>\n\n\n\n<p><strong>x<\/strong><\/p>\n\n\n\n<p><strong>1.Scan Inline&nbsp;<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 qu\u00e9t c\u00e1c kh\u1ed1i trong lu\u1ed3ng d\u1eef li\u1ec7u (data stream), Veeam Backup &amp; Replication s\u1eed d\u1ee5ng ph\u00e2n t\u00edch entropy tr\u1ef1c tuy\u1ebfn. Trong qu\u00e1 tr\u00ecnh backup job, ho\u1ea1t \u0111\u1ed9ng ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i sau c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c t\u1ec7p tin b\u1ecb m\u00e3 h\u00f3a b\u1edfi ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i: M\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd \u0111\u01b0\u1ee3c t\u1ea1o ra n\u1ebfu l\u01b0\u1ee3ng d\u1eef li\u1ec7u b\u1ecb m\u00e3 h\u00f3a v\u01b0\u1ee3t qu\u00e1 gi\u1edbi h\u1ea1n nh\u1ea1y c\u1ea3m c\u1ee7a qu\u00e1 tr\u00ecnh qu\u00e9t.<\/li>\n\n\n\n<li>C\u00e1c d\u1ea5u hi\u1ec7u v\u0103n b\u1ea3n \u0111\u01b0\u1ee3c t\u1ea1o ra b\u1edfi ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i:<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u0110\u1ecba ch\u1ec9 V3 onion bao g\u1ed3m 56 k\u00fd t\u1ef1 theo \u0111\u1ecbnh d\u1ea1ng [a-z2-7]{56}.onion. V\u00ed d\u1ee5: vykenniek4sagugiayj3z32rpyrinoadduprjtdy4wharue6cz7zudid.onion.<\/li>\n\n\n\n<li>C\u00e1c ghi ch\u00fa ransomware \u0111\u01b0\u1ee3c t\u1ea1o ra b\u1edfi Medusa v\u00e0 Clop.<\/li>\n<\/ul>\n\n\n\n<p>M\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd \u0111\u01b0\u1ee3c t\u1ea1o ra n\u1ebfu m\u1ed9t \u0111i\u1ec3m kh\u00f4i ph\u1ee5c (restore point) m\u1edbi ch\u1ee9a nhi\u1ec1u \u0111\u1ecba ch\u1ec9 onion ho\u1eb7c ghi ch\u00fa ransomware h\u01a1n so v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u01b0\u1edbc \u0111\u00f3 \u0111\u01b0\u1ee3c ch\u1ecdn \u0111\u1ec3 so s\u00e1nh. N\u1ebfu c\u1ea3 hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c ch\u1ee9a c\u00f9ng s\u1ed1 l\u01b0\u1ee3ng \u0111\u1ecba ch\u1ec9 onion ho\u1eb7c ghi ch\u00fa ransomware, m\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd kh\u00f4ng \u0111\u01b0\u1ee3c t\u1ea1o ra.&nbsp;<\/p>\n\n\n\n<p><strong>L\u01b0u \u00fd<\/strong>: Scan Inline b\u1ecb t\u1eaft theo m\u1eb7c \u0111\u1ecbnh khi b\u1ea1n c\u00e0i \u0111\u1eb7t ho\u1eb7c n\u00e2ng c\u1ea5p l\u00ean Veeam Backup &amp; Replication 12.1 (build 12.1.0.2131). N\u1ebfu b\u1ea1n mu\u1ed1n s\u1eed d\u1ee5ng ch\u1ee9c n\u0103ng n\u00e0y, h\u00e3y l\u01b0u \u00fd r\u1eb1ng n\u00f3 c\u00f3 th\u1ec3 t\u0103ng m\u1ee9c s\u1eed d\u1ee5ng CPU (trung b\u00ecnh 10-15%) tr\u00ean backup proxy ho\u1eb7c Veeam agent t\u00f9y thu\u1ed9c v\u00e0o lo\u1ea1i kh\u1ed1i l\u01b0\u1ee3ng c\u00f4ng vi\u1ec7c v\u00e0 l\u01b0\u1ee3ng d\u1eef li\u1ec7u.<\/p>\n\n\n\n<p><strong>2.C\u00e1c t\u00ecnh hu\u1ed1ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3<\/strong><\/p>\n\n\n\n<p>B\u1ea1n c\u00f3 th\u1ec3 qu\u00e9t c\u00e1c kh\u1ed1i trong lu\u1ed3ng d\u1eef li\u1ec7u khi sao l\u01b0u c\u00e1c m\u00e1y sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c m\u00e1y \u1ea3o VMware bao g\u1ed3m c\u00e1c m\u00e1y \u1ea3o VMware Cloud Director<\/li>\n\n\n\n<li>C\u00e1c m\u00e1y \u1ea3o Hyper-V<\/li>\n\n\n\n<li>C\u00e1c m\u00e1y s\u1eed d\u1ee5ng Veeam Agent for Microsoft Windows ho\u1ea1t \u0111\u1ed9ng trong ch\u1ebf \u0111\u1ed9 \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd b\u1edfi backup server (volume-level backup only)<\/li>\n<\/ul>\n\n\n\n<p><strong>3.Y\u00eau c\u1ea7u v\u00e0 h\u1ea1n ch\u1ebf<\/strong><\/p>\n\n\n\n<p>Scan inline c\u00f3 c\u00e1c y\u00eau c\u1ea7u v\u00e0 h\u1ea1n ch\u1ebf sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00ednh n\u0103ng qu\u00e9t ch\u1ec9 \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 cho c\u00e1c \u1ed5 \u0111\u0129a \u0111\u01a1n gi\u1ea3n v\u00e0 cho c\u00e1c h\u1ec7 th\u1ed1ng t\u1ec7p sau: NTFS, ext4, ext3, ext2.<\/li>\n\n\n\n<li>Qu\u00e9t \u1ed5 \u0111\u0129a \u0111\u1ed9ng v\u00e0 \u1ed5 \u0111\u0129a \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a b\u1edfi BitLocker kh\u00f4ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3.<\/li>\n\n\n\n<li>\u0110\u1ec3 l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware, b\u1ea1n c\u1ea7n c\u00f3 \u0111\u1ee7 dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a tr\u00ean m\u00e1y ch\u1ee7 d\u1ef1 ph\u00f2ng. Vi\u1ec7c t\u00ednh to\u00e1n dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a d\u1ef1a tr\u00ean d\u1eef li\u1ec7u sau:\n<ul class=\"wp-block-list\">\n<li>S\u1ed1 l\u01b0\u1ee3ng m\u00e1y.<\/li>\n\n\n\n<li>Dung l\u01b0\u1ee3ng \u0111\u0129a \u0111\u00e3 s\u1eed d\u1ee5ng tr\u00ean m\u1ed7i m\u00e1y.<\/li>\n\n\n\n<li>S\u1ed1 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u00ean m\u1ed7i m\u00e1y.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Vi\u1ec7c l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware tr\u00ean m\u1ed7i m\u00e1y c\u1ea7n kho\u1ea3ng 270 KB dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a tr\u00ean backup server cho m\u1ed7i 10 GB dung l\u01b0\u1ee3ng \u1ed5 \u0111\u0129a \u0111\u00e3 s\u1eed d\u1ee5ng nh\u00e2n v\u1edbi s\u1ed1 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5: m\u1ed9t m\u00e1y c\u00f3 200 GB dung l\u01b0\u1ee3ng \u0111\u00e3 s\u1eed d\u1ee5ng v\u00e0 10 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c. Vi\u1ec7c l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware cho m\u00e1y n\u00e0y c\u1ea7n 54 MB (270 KB * 20 * 10 \u0111i\u1ec3m kh\u00f4i ph\u1ee5c).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c d\u1ea5u hi\u1ec7u v\u0103n b\u1ea3n s\u1ebd ch\u1ec9 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n n\u1ebfu c\u00e1c \u0111i\u1ec1u ki\u1ec7n sau \u0111\u01b0\u1ee3c \u0111\u00e1p \u1ee9ng:\n<ul class=\"wp-block-list\">\n<li>K\u00edch th\u01b0\u1edbc kh\u1ed1i c\u1ee7a h\u1ec7 th\u1ed1ng t\u1ec7p l\u00e0 4 KB.<\/li>\n\n\n\n<li>T\u1ec7p v\u0103n b\u1ea3n c\u00f3 m\u00e3 h\u00f3a UTF-8.<\/li>\n\n\n\n<li>T\u1ec7p v\u0103n b\u1ea3n kh\u00f4ng \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef trong Master File Table (MFT).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Vi\u1ec7c ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u1edf tr\u1ea1ng th\u00e1i &#8220;sleeping&#8221; kh\u00f4ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3.<\/li>\n\n\n\n<li>M\u1ed9t s\u1ed1 lo\u1ea1i t\u1ec7p c\u00f3 th\u1ec3 b\u1ecb \u0111\u00e1nh d\u1ea5u nh\u1ea7m l\u00e0 \u0111\u00e1ng ng\u1edd trong qu\u00e1 tr\u00ecnh qu\u00e9t tr\u1ef1c tuy\u1ebfn scan inline, v\u00ed d\u1ee5 nh\u01b0 c\u00e1c g\u00f3i Linux n\u00e9n b\u1eb1ng LZMA, c\u00e1c t\u1ec7p \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a b\u1eb1ng Windows EFS, c\u00e1c t\u1ec7p ISO c\u1ee5 th\u1ec3,.. N\u1ebfu b\u1ea1n c\u00f3 nh\u1eefng t\u1ec7p nh\u01b0 v\u1eady, b\u1ea1n c\u00f3 th\u1ec3 \u0111\u00e1nh d\u1ea5u c\u00e1c s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i li\u00ean quan l\u00e0 d\u01b0\u01a1ng t\u00ednh gi\u1ea3 (false-positive).<\/li>\n<\/ul>\n\n\n\n<p><strong>4.C\u00e1ch scan inline ho\u1ea1t \u0111\u1ed9ng<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 scan inline, t\u00ednh n\u0103ng ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i ho\u1ea1t \u0111\u1ed9ng theo c\u00e1ch sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Trong qu\u00e1 tr\u00ecnh sao l\u01b0u, Veeam Backup &amp; Replication ph\u00e2n t\u00edch si\u00eau d\u1eef li\u1ec7u c\u1ee7a c\u00e1c kh\u1ed1i d\u1eef li\u1ec7u v\u00e0 l\u01b0u tr\u1eef d\u1eef li\u1ec7u ransomware trong th\u01b0 m\u1ee5c t\u1ea1m th\u1eddi tr\u00ean backup proxy. M\u1ed9t t\u1ec7p tin \u1edf \u0111\u1ecbnh d\u1ea1ng RIDX \u0111\u01b0\u1ee3c t\u1ea1o cho m\u1ed7i \u0111\u0129a v\u00e0 ch\u1ee9a c\u00e1c th\u00f4ng tin sau:\n<ul class=\"wp-block-list\">\n<li>Si\u00eau d\u1eef li\u1ec7u c\u1ee7a \u0111\u0129a (t\u00ean \u0111\u0129a, th\u1eddi gian t\u1ea1o, dung l\u01b0\u1ee3ng \u0111\u0129a, dung l\u01b0\u1ee3ng \u0111\u00e3 s\u1eed d\u1ee5ng, k\u00edch th\u01b0\u1edbc sector, b\u1ea3ng ph\u00e2n v\u00f9ng)<\/li>\n\n\n\n<li>D\u1eef li\u1ec7u ransomware cho m\u1ed7i kh\u1ed1i d\u1eef li\u1ec7u (d\u1eef li\u1ec7u m\u00e3 h\u00f3a, lo\u1ea1i t\u1ec7p tin, \u0111\u1ecba ch\u1ec9 onion, ghi ch\u00fa ransomware)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>L\u01b0u \u00fd: N\u1ebfu c\u00e1c ti\u00eau \u0111\u1ec1 LZMA \u0111\u01b0\u1ee3c t\u00ecm th\u1ea5y, ch\u00fang s\u1ebd b\u1ecb lo\u1ea1i tr\u1eeb kh\u1ecfi t\u00ednh to\u00e1n d\u1eef li\u1ec7u m\u00e3 h\u00f3a \u0111\u1ec3 gi\u1ea3m thi\u1ec3u s\u1ed1 l\u01b0\u1ee3ng c\u00e1c s\u1ef1 ki\u1ec7n d\u01b0\u01a1ng t\u00ednh gi\u1ea3.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Khi backup job ho\u00e0n t\u1ea5t, d\u1eef li\u1ec7u ransomware \u0111\u01b0\u1ee3c l\u01b0u trong th\u01b0 m\u1ee5c VBRCatalog tr\u00ean backup server. Theo m\u1eb7c \u0111\u1ecbnh, \u0111\u01b0\u1eddng d\u1eabn l\u00e0 %volume%:\\VBRCatalog\\Index\\Machines%machine_name%%date%%guid%\\ransomwareidx. Veeam Guest Catalog Service s\u1ebd th\u00f4ng b\u00e1o cho Veeam Data Analyzer Service v\u1ec1 d\u1eef li\u1ec7u m\u1edbi c\u1ea7n \u0111\u01b0\u1ee3c qu\u00e9t.<\/li>\n\n\n\n<li>Veeam Data Analyzer Service ki\u1ec3m tra k\u1ebft qu\u1ea3 qu\u00e9t g\u1ea7n nh\u1ea5t trong t\u1ec7p tin RansomwareIndexAnalyzeState.xml n\u1eb1m trong th\u01b0 m\u1ee5c VBRCatalog v\u00e0 kh\u1edfi t\u1ea1o m\u1ed9t qu\u00e1 tr\u00ecnh qu\u00e9t tr\u1ef1c tuy\u1ebfn m\u1edbi. Qu\u00e1 tr\u00ecnh qu\u00e9t c\u0169ng \u0111\u01b0\u1ee3c kh\u1edfi t\u1ea1o n\u1ebfu Veeam Data Analyzer Service nh\u1eadn \u0111\u01b0\u1ee3c d\u1eef li\u1ec7u l\u1eadp ch\u1ec9 m\u1ee5c m\u1edbi sau khi d\u1ecbch v\u1ee5 b\u1eaft \u0111\u1ea7u.<\/li>\n\n\n\n<li>Trong qu\u00e1 tr\u00ecnh qu\u00e9t, Veeam Data Analyzer Service so s\u00e1nh \u0111i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c s\u1edbm nh\u1ea5t \u0111\u01b0\u1ee3c t\u1ea1o trong 25 gi\u1edd qua. V\u00ed d\u1ee5, hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra 10 v\u00e0 5 gi\u1edd tr\u01b0\u1edbc. \u0110i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi s\u1ebd \u0111\u01b0\u1ee3c so s\u00e1nh v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra 10 gi\u1edd tr\u01b0\u1edbc.<\/li>\n\n\n\n<li>N\u1ebfu \u0111i\u1ec3m kh\u00f4i ph\u1ee5c tr\u01b0\u1edbc \u0111\u00f3 kh\u00f4ng \u0111\u01b0\u1ee3c t\u1ea1o trong 25 gi\u1edd qua, d\u1ecbch v\u1ee5 s\u1ebd c\u1ed1 g\u1eafng t\u00ecm \u0111i\u1ec3m kh\u00f4i ph\u1ee5c g\u1ea7n nh\u1ea5t \u0111\u01b0\u1ee3c t\u1ea1o ra trong 30 ng\u00e0y qua. V\u00ed d\u1ee5, hai \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra c\u00e1ch \u0111\u00e2y 2 ng\u00e0y v\u00e0 10 ng\u00e0y. \u0110i\u1ec3m kh\u00f4i ph\u1ee5c m\u1edbi s\u1ebd \u0111\u01b0\u1ee3c so s\u00e1nh v\u1edbi \u0111i\u1ec3m kh\u00f4i ph\u1ee5c \u0111\u01b0\u1ee3c t\u1ea1o ra c\u00e1ch \u0111\u00e2y 2 ng\u00e0y.<\/li>\n\n\n\n<li>Veeam Data Analyzer Service so s\u00e1nh c\u00e1c t\u1ec7p RIDX cu\u1ed1i c\u00f9ng v\u00e0 tr\u01b0\u1edbc \u0111\u00f3, \u0111\u1ed3ng th\u1eddi c\u1eadp nh\u1eadt t\u1ec7p RansomwareIndexAnalyzeState.xml. N\u1ebfu ph\u00e1t hi\u1ec7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i, d\u1ecbch v\u1ee5 s\u1ebd t\u1ea1o s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i v\u00e0 \u0111\u00e1nh d\u1ea5u c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng l\u00e0 \u0111\u00e1ng ng\u1edd.<\/li>\n\n\n\n<li>N\u1ebfu kh\u00f4ng t\u00ecm th\u1ea5y t\u1ec7p RIDX tr\u01b0\u1edbc \u0111\u00f3, Veeam Data Analyzer Service s\u1ebd th\u1ef1c hi\u1ec7n thao t\u00e1c \u0111\u1ecdc to\u00e0n b\u1ed9 \u0111\u0129a \u0111\u1ec3 t\u1ea1o t\u1ec7p RIDX. Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y, phi\u00ean c\u00f4ng vi\u1ec7c s\u1ebd k\u00e9o d\u00e0i h\u01a1n b\u00ecnh th\u01b0\u1eddng nh\u01b0ng k\u00edch th\u01b0\u1edbc c\u1ee7a t\u1ec7p sao l\u01b0u gia t\u0103ng s\u1ebd kh\u00f4ng b\u1ecb \u1ea3nh h\u01b0\u1edfng. Trong qu\u00e1 tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng n\u00e0y, t\u00f9y ch\u1ecdn Theo d\u00f5i kh\u1ed1i \u0111\u00e3 thay \u0111\u1ed5i (CBT) s\u1ebd kh\u00f4ng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng.<\/li>\n\n\n\n<li>Thao t\u00e1c \u0111\u1ecdc to\u00e0n b\u1ed9 \u0111\u0129a c\u0169ng s\u1ebd \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n n\u1ebfu b\u1ea1n th\u00eam \u0111\u0129a m\u1edbi v\u00e0o VM.<\/li>\n<\/ul>\n\n\n\n<p><strong>5.K\u00edch ho\u1ea1t scan inline&nbsp;<\/strong><\/p>\n\n\n\n<p>\u0110\u1ec3 b\u1eadt scan inline, h\u00e3y l\u00e0m nh\u01b0 sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u1eeb menu ch\u00ednh, ch\u1ecdn <strong>Malware Detection<\/strong> > <strong>General.<\/strong><\/li>\n\n\n\n<li>\u1edf <strong>Encryption detection<\/strong> > <strong>Enable inline entropy analysis.<\/strong><\/li>\n\n\n\n<li>Ch\u1ec9 \u0111\u1ecbnh \u0111\u1ed9 nh\u1ea1y qu\u00e9t t\u00f9y thu\u1ed9c v\u00e0o d\u1eef li\u1ec7u sao l\u01b0u v\u00e0 kh\u1ea3 n\u0103ng c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng sao l\u01b0u c\u1ee7a b\u1ea1n. Gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh l\u00e0 Normal.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"709\" height=\"517\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-1.png\" alt=\"\" class=\"wp-image-20259\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-1.png 709w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-1-600x438.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/08\/scan-inline-trong-veeam-backup-replication-1-300x219.png 300w\" sizes=\"auto, (max-width: 709px) 100vw, 709px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>1.Scan Inline&nbsp; \u0110\u1ec3 qu\u00e9t c\u00e1c kh\u1ed1i trong lu\u1ed3ng d\u1eef li\u1ec7u (data stream), Veeam Backup &amp; Replication s\u1eed d\u1ee5ng ph\u00e2n t\u00edch entropy tr\u1ef1c tuy\u1ebfn. Trong qu\u00e1 tr\u00ecnh backup job, ho\u1ea1t \u0111\u1ed9ng ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i sau c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n: M\u1ed9t s\u1ef1 ki\u1ec7n ph\u00e1t hi\u1ec7n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1ebd \u0111\u01b0\u1ee3c t\u1ea1o ra n\u1ebfu m\u1ed9t [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":19726,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80],"tags":[488,385],"class_list":["post-20255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-data-stream","tag-veeam-backup-replication","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=20255"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20255\/revisions"}],"predecessor-version":[{"id":20302,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20255\/revisions\/20302"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/19726"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=20255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=20255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=20255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}