08-17-2022 12:44 AM
We are observing VEEAM VeeamTransportSvc.exe being blocked by BTP and, thus, preventing backups from being started.
We are working on a temporary fix excluding path and CGO and the like, but this is the second week in a row that content updates are screwing up, this time impacting operations.
Already filed a support case.
BR
08-18-2022 01:19 AM
Just open https://knowledgebase.paloaltonetworks.com/
and type VEEAM; the first option gives you the KB.
I got the new CU and it still blocks my app; I added the CGO for now.
08-18-2022 01:29 AM
Yes, I updated to CU650-11590 and Veeam is still blocked.
08-18-2022 01:41 AM
I think that the VSS is still blocked and the relevant services need a restart as noted in a previous comment.
08-18-2022 01:45 AM
Yeah thanks, unfortunately the KB is "please do an alert exception" but given the services involved I would not do that.
08-18-2022 01:46 AM
Well, the exception is just for this BTP rule, which, considering that it is from two days ago, I do believe is the best solution until they solve this issue on their side.
08-18-2022 01:49 AM
Yes, I've created the exception just for this rule and just applied to those machines backed up by Veeam...
08-18-2022 02:22 AM
Yeah I know but the "Boot in safe mode" abuse is all the rage right now and is actively used in the wild.
PA stated that a CU with the fix has been released, so I'd rather wait for it to be acquired by the agents.
08-18-2022 02:49 AM
Hi,
CU650-11590 doesn't fix it for us 😞
still the same BCD operation
08-18-2022 02:59 AM
Unfortunately the fix still doesn't work, and I think the risk of not having an up-to-date AD backup is greater 😉
08-18-2022 03:05 AM
Relevant Veeam KB:
https://www.veeam.com/kb1697
[....]
Many anti-virus solutions have developed modules that monitor and prevent access to the boot configuration data (BCD). These "boot protection modules" have been observed to prevent Veeam's Application-Aware Processing from working with Domain Controllers. During the backup job's Application-Aware Processing step, for Domain Controllers only, the BCD is temporarily modified to enable SafeBoot.
[...]
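A check for the behaviour the Veeam KB excerpt above describes, as an added example (not from this thread, Veeam or Palo Alto Networks): it parses `bcdedit /enum` output and reports any boot entry that still carries a `safeboot` element, which lets you confirm the temporary change was reverted once the backup window has passed. The sample output and the function name `Get-BcdSafeBootEntry` are constructed for illustration.

```powershell
# Constructed sample of `bcdedit /enum` output (not captured from a real host).
$sample = @'
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Server
safeboot                DsRepair
'@ -split "`r?`n"

function Get-BcdSafeBootEntry {
    # Emits one object per BCD entry that contains a safeboot element.
    param([string[]]$BcdLines)
    $entry = @{}
    foreach ($line in @($BcdLines) + '') {   # trailing '' flushes the last entry
        if ($line -match '^(\S+)\s{2,}(.+)$') {
            # "name   value" element line; headers and separators do not match
            $entry[$Matches[1]] = $Matches[2].Trim()
        } elseif ([string]::IsNullOrWhiteSpace($line)) {
            # a blank line ends the current entry
            if ($entry.ContainsKey('safeboot')) {
                [pscustomobject]@{
                    Identifier = $entry['identifier']
                    SafeBoot   = $entry['safeboot']
                }
            }
            $entry = @{}
        }
    }
}

# Offline demo on the constructed sample. On a live host, from an elevated
# prompt: Get-BcdSafeBootEntry (bcdedit /enum all)
$hits = Get-BcdSafeBootEntry $sample
if ($hits) { $hits | Format-Table -AutoSize } else { 'No safeboot element present.' }
```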
08-18-2022 03:08 AM
Did you restart the services mentioned here by @parkerjr2?
https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/another-week-another-btp-quirk-behaviora...
08-18-2022 03:26 AM
I restarted the server. Still didn't work.
08-18-2022 03:30 AM
08-18-2022 04:24 AM
FYI: I've uploaded the SUEX file (a JSON-format file to be uploaded in the Policy Global Exceptions/Support Exception) provided by PAN support, as I need the backups to run this weekend while we wait for PAN to get a proper fix.