It's already the third episode and summer is coming, so we're generous and bring you a combo of 2 interesting regkeys for Veeam Backup and Replication.
VTHScanEmail & VTHScanExclusions
In case you didn't know: VTH stands for Veeam's Threat Hunter technology.
Why Your Backups Need a Threat Hunter (and why Veeam Delivers)
In today’s cyber battleground, relying solely on production environment security is like wearing half a suit of armor. Existing tools might miss stealthy threats, third-party scanners drain budgets and resources, and performance bottlenecks slow critical recoveries.
Let's look at VTH: a zero-cost, zero-install second opinion embedded directly in Veeam’s SureBackup, Backup Scan, and Secure Restore workflows. No extra licenses needed. No complex deployments. Just pure, surgical malware hunting !
But what if you need granular control over what gets scanned?
That’s where the registry keys VTHScanEmail and VTHScanExclusions come in to play.
VTHScanEmail: The Email Scanning Power Switch
- Key Path: `HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\`
- Value Type: DWORD
- Default State: `1` (Enabled)
What It Do ?
When enabled (value `1`), Veeam Threat Hunter will scan:
- Plaintext emails (e.g., .EML, .MSG)
- Email databases (PST, OST, MBX, DBZ, etc.)
A Trade-Off:
Scanning complex email structures isn’t lightweight so expect longer scan times for your restore points, especially with large mailboxes and/or a lot of local files. Think about servers that hold multiple user's OST files. If performance is critical or PST files aren’t a priority, setthis key to `0` to disable email scanning.
My personal view:
Use this key situationally! Enable it for targeted Secure Restores of mail data, but disable it for broad backup scans where non-email files are the focus.
VTHScanExclusions: Your Performance Safeguard
- Key Path: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\
- Value Type: REG_MULTI_SZ (Multi-String)
This key is Threat Hunter’s "exclusion list" a wildcard-driven filter to skip non-essential paths. Every second counts during malware scans, and excluding bloated folders (like temporary files or archives) can slash scan times dramatically.
How to use this exception list ?
One Path Per Line: List exclusions vertically—no commas, no quotes.
Wildcards Are Your Friend (But Handle With Care):
- *.log → Matches any ".log" file in any directory.
- Backup* → Skips folders and files starting with "Backup" (e.g., `C:\Backup_Old\`).
- \Projects\Temp\* → Ignores everything in "\Projects\Temp\" (but not subfolders like "\Projects\Temp\Archive\").
Good to know:
Veeam auto-prepends `*\` to your entry.
"Documents*" becomes `*\Documents*` so matching any folder named "Documents".
Drive letters are wildcarded:
"C:\Logs\*" becomes "*\Logs\*"
Minimum 3 characters per entry are needed
Deep path example: "\demo1*\demo2*\*" excludes "\demo123\demo\demo456\application.exe"
So pay attention when using wildcard in the middle of an exclusion string.
A Real-World Example:
Registry entry:
*.tmp
Temp*
\Archive\*
Windows\Logs\*.bak
This set of exclusions will skip temporary files, "Temp"-prefixed items, anything in `\Archive`, and `.bak` logs under the path "Windows\Logs".
Why This Matters:
Veeam Threat Hunter isn’t just another scanner, it’s an insurance against "silent backup corruption".
By leveraging these keys:
- You avoid scanning gigs of irrelevant email data (VTHScanEmail).
- You sidestep performance-killing directories (VTHScanExclusions).
- You gain enterprise-grade threat detection without buying new tools.
Final Checklist:
- Back up your registry before editing. (of course we always do !)
- Guest file indexing must be enabled in order to scan the individual files.
- Use Veeam ONE to monitor scan performance trends.
- Combine keys: Disable email scans (`VTHScanEmail=0`) & exclude non-critical paths for max speed.
- Explore Veeam’s Official Threat Hunter Guide for more information
