Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 5 replies
  • Subscribers 13 subscribers
  • Views 549 views
  • Users 0 members are here
Options
Suggested

Sophos blocking Veeam Agent on Windows 11

Tony Graham

I have a problem with Veeam backup agent with Sophos Endpoint Agent installed

If I uninstall Sophos Endpoint I am able to backup the PC. If Sophos is installed it is blocked.

I assume this is a matter of somehow unblocking the app or opening some ports but as I am a newcomer to Sophos Endpoint it is not clear to me how to accomplish this.

Interestingly I have another machine that I am backing up without issue. There is nothing in any logs Sophos Central or local Windows logs referencing the failing backup.

Thanks for any assistance.

  • 0

    Hi Tony,

    Thanks for reaching out to the Sophos Community Forum. 

    Could you let me know if any errors are shown in Veeam or if the backup operation continues running without completion?
    Are both devices on the same local network such that the allowed/blocked domains and ports are the same? 

    As an initial check, I'd suggest checking that Veeam's suggested exclusions are added to Sophos.
    - Veeam Antivirus Exclusions

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • +1 in reply to Qoosh

    I am not getting any errors logged anywhere. Both devices are on a local network, the same as the third machine that is working. I would add the exclusions but as I stated I am new to Sophos and do not know where to add those exclusions. Thanks.

    **UPDATE** I was able to get the job working by assigning a Windows Firewall Policy in Sophos Central. However, it is an 'Allow All' policy as I do not see any fine grained options.

  • 0 in reply to Tony Graham

    In your case, a "Process" exclusion may be best, as this will exclude the file and network operations that the given exe performs. Checking the Veeam documentation available, I was not able to locate any exe's referenced specifically. 

    When you trigger a backup, could you try checking Task Manager to see what processes start on the device? Linked below is more information on: 
    - Exclusions
    - Process Exclusions

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • +1

      Well, I thought I would share this with the community as it's an odd one but these are the observations I had during this issue. I will start at the beginning. After a Veeam upgrade from 12.0 to 12.2 all communication with the remote agent in question stopped. I added the affected machine to a new Sophos Policy such that the Windows Firewall would be set to Allow All. This allowed Veeam to communicate and backup with the agent. When I went to investigate the solution of adding a process exclusion, the first thing I did was set the policy I created for that machine to 'Bypassed'. I then waited a day and let the overnight backup run again (I wanted to ensure the problem still existed). To my surprise, it worked. So I manually checked communication with the agent and I can still connect. So, with no other changes it has apparently repaired whatever was wrong when communication was first re-established. Perhaps an agent update was waiting that could not be applied while the firewall was enabled. I have since removed the machine from the special policy I created and deleted that policy.

  • 0 in reply to Tony Graham

    Thanks for following up to share your findings Tony. I'm certain this will be a great help to other customers who may run into similar issues.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML