Version 3.1 was created in early 2024 as part of software maintenance and contains minor improvements. An update is not mandatory, but is recommended when the opportunity arises. New is: The Blocky GUI is now called that (no longer "Blockyforbackup") Fingerprint checks optimized through caching – fewer file accesses, more performance and optimized logging. Protecting binaries against manipulation and debugging License Hub (for very large users) now with WebUI

The application's above-mentioned "fingerprint" is invalid and needs to be updated. Programs with fingerprints that are no longer up-to-date are highlighted in color in the whitelist and must be updated: Right-click - "Update". The fingerprint is then recreated and the program can be run again. An email notification to the administrator about invalid fingerprints is easy to set up: add an entry to the end of the list of notifications (right mouse button - insert) and enter the "Whitlelist Entry Invalid" event as an email notification .

With version update 2.6 (June 2022), Blocky for Veeam is even better positioned to protect the Windows volumes of your Veeam repositories from ransomware encryption. What's new? Support for Windows Server 2022 Central management of multiple Blocky instances(Central GUI can be set instead of Local GUI / central config can be transferred to other servers) Improvements: Even more precise access monitoring Core Installation Support (No GUI) Password reset requestable via GUI An update is only required if the new features are desired. Direct updates from version 2.5 and higher are possible. For more details please read the Admin Guide.

Blocky for Veeam also securely protects the Windows volumes of the Veeam v11 repositories from encryption. When Veeam upgrade from a previous version e.g. v9 or v10 please do the following for Blocky:

Blocky is compatible with all known Veeam versions.

Blocky supports Windows Server 2012, 2016, 2019 and 2022. Please note that only Windows Server operating systems are supported and e.g. the protection function does not work under Windows 10.

The Blocky Suite is generic protection software, which can also protect other application scenarios if necessary. Blocky4Backup has been specially tested for Veeam environments and is maintained and developed accordingly.

Antivirus software should of course be used alongside Blocky on the Veeam Repository Server. To avoid unnecessary antivirus notifications, the antivirus software should exclude BlockyAccessCntrlSvc.exe in the C:\Program Files\GrauData\Blocky folder from the real-time scan and behavior monitoring.

Blocky requires a full server desktop to install. For more installation options, please consult the admin guide.Unpack the zip file and start the installation program with the right mouse button as administrator.

Usually, the applications are identified via “Automatic Whitelisting”. Unwanted applications are removed manually if necessary, and others are added. With Veeam V10, the list usually looks like this, whereby the CatalogDataService often only starts weekly and should therefore be added manually to the automatically generated list. Your system house partner will advise you on the individual setup of your Veeam Repository Server.

Blocky for Veeam sends notifications via email (SMTP) to the administrator and/or other email addresses based on event and status change rules. Furthermore, Blocky notifies in the GUI in the status area and sends to the Windows application event log. Blocky can send alert notifications to the Windows application event log, to email recipients and to the Status Area of the Blocky4Backup GUI depending on certain rules. Event types are: • unauthorized access • authorized access • no license valid • license will expire soon • invalid whitelist entry • internal error Notification about invalid fingerprints by e-mail to the administrator is easy to set up: In the list of notifications, add an entry at the end (right mouse button - insert) and the event "Whitlelist Entry Invalid “ as E-Mail Notification. More Info: Please read the Admin Guide (part of the program download zip file)

Via your system house partner. The Cristie.Partners team ( email: team@cristie.partners ) will be happy to name the right one for you partners. Even if "your" system house partner is not yet listed, he will certainly be happy to support you in protecting your Veeam environment. France: www.pedab.fr UK: www.titandatasolutions.com

Blocky is distributed in a subscription license model and is offered with one, three and five-year licenses. These should be ordered and installed within the free 14-day trial period. Exactly one "Entry" license is required for individual volumes up to 25TB or 50TB. For multiple Repository Server volumes to be protected, the "Enterprise" license model offers licensing packages up to 100TB, 250TB, 500TB, up to 1PB and >1PB.

A license file is provided for each volume to be protected and assigned accordingly in the Blocky for Veeam GUI. Blocky stores the license file securely on the volume.

The customer receives a so-called "Cap-ID" for each Windows volume to be protected. With the Cap ID, a volume license can be requested from support@graudata.com under "License Management" ("Register License"). The license key can be generated online or retrieved by email and then sent within a few days. In the GUI, the license is then assigned to a specific volume drive letter under "License Management" - "Install". The protection can then be activated by right-clicking on the drive letter. The protected volume is assigned to the "Access-Controlled Volumes" in the directory tree. Protection can be disabled temporarily (for volume maintenance) or completely at any time. Best practice is to limit protection to 1st level subfolders.

The customer receives a notification in good time (configurable) that the license is expiring. A subsequently purchased license can be registered and then installed at any time. If you don't want to renew the license for Blocky for Veeam and instead want to uninstall it, start the Unistall program (e.g. via "Add or Remove Programs" using the Blocky password).For security reasons, when a license for a still protected volume expires, it is set to full protection, i.e. all change requests are rejected.

Usually Veeam users secure their first backup with Blocky for Veeam. In the event of an encryption attack, the backup remains intact and allows for quick recovery of the compromised servers and data. Other backup files such as Veeam Backup Copy Jobs and Veeam Scale-Out Repositories can also be protected with Blocky for Veeam.

Blocky protects Windows NTFS or ReFS volumes that appear with a drive letter in Windows Device Manager. Network-Attached-Storage (NAS devices) have their own security environment and unfortunately cannot be additionally protected via Blocky.

Yes, these volumes may not be used by other applications that use the volume e.g. as a cache or dump or similar. This use is theoretically possible, but the function of the further application cannot be guaranteed, since the blocky whitelisting may not be able to identify and fingerprint all DLLs belonging to the application and their processes.

No, this is not possible. See explanation above.

Yes, protection can be activated either for a whole volume or for individual directories of the first directory level of the volume. This allows individual directories to be kept writable/changeable for other purposes. However, the required volume license always refers to the entire capacity of the volume.

There are various events that lead to notification of the administrator. These notifications are configurable. The most important thing is that the "unauthorized access" event is notified. An event notification can be sent via e-mail, via an entry in the blocky log (“logging” in the monitoring area) and the Windows Application Event Log.

Each application allowed to access the protected volume must be identified and authorized. For this purpose, a SHA1 hash value is stored and checked for each application, the associated components and the running processes. If the value does not match, the application has been changed intentionally or unintentionally. Unintentionally then indicates possible malware activities. For example, a Veeam software update is wanted.

There are various events that lead to notification of the administrator. These notifications are configurable. The most important thing is that the "unauthorized access" event is notified.An event notification can be sent via e-mail, via an entry in the blocky log (“logging” in the monitoring area) and the Windows Application Event Log.

Each application allowed to access the protected volume must be identified and authorized. For this purpose, a SHA1 hash value is stored and checked for each application, the associated components and the running processes. If the value does not match, the application has been changed intentionally or unintentionally. Unintentionally then indicates possible malware activities. For example, a Veeam software update is wanted.

Blocky uses its own filter technology to monitor access to the protected volumes. Even if the Blocky GUI is closed, the protection runs as configured. However, if the associated service is changed or closed, the filter driver switches to full protection, no longer allows any changes and notifies the administrator.

Blocky for Veeam is password protected. The password is required for installing, uninstalling and enabling/disabling the protection function.

Yes, Blocky for Veeam provides a command line interface. All protection-relevant commands require the specification of the password. See Admin Guide for details.