Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 15 subscribers
  • Views 2035 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Alert - WIN-INI-PRC-VEEAM-BACKUP-SUSP-CHILD-PROCESS-1

Gleison Lichtenfels

Hello everyone,

Is anyone else getting "High-Risk" detections "WIN-INI-PRC-VEEAM-BACKUP-SUSP-CHILD-PROCESS-1" from Veeam Backup and Replication?

Parent Command Line: "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe"
Process Owner: SISTEMA
Signer Info: Veeam Software Group GmbH
Sophos Process ID: 20816:133718331003397117
File Path: C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Satellite.exe
Command Line: "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Satellite.exe" "TBKWINBK_server.admin1_PowerShell_TBKWINBK_1507cc51-63c0-4f4e-8622-cc5bc1dc0b66"

 

This is the first time I have seen this detection. Veeam Backup and Replication has been installed on the server for a long time.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Qoosh

    It's the exact same, with the difference being the CLI section. Looking at the Veaam Logs under svc.veeambackup.log, this 'Veeam.Backup.Satellite.exe' invokes the PowerShell CLI after each attempt to check for client updates. This had been occurring hourly, which corresponds to our case detections. 


Unfiltered HTML