Good people of the Veeam forum,
In v12.1 I understand a malware detection feature was introduced. It quickly prompted us that 6 of our VMs have suspicious malware activity on them. After seeing this we ran a site-wide ESET Anti Virus scan which returned all clean. I also ran a malware scan for one of the servers through SureBackup, which also says "Malware scan test: Success". As you can imagine we are confused at this point.
Is there any way to find the file name or location where Veeam is detecting the malware?
Server 1: Potential malware activity detected: *.mvp: 438 *.fcp: 102 *.ccc(TeslaCrypt or Cryptowall): 50 *._he: 35 *.xyz(TeslaCrypt): 21 *.osk: 18 *..txt: 8 *.ttt(TeslaCrypt 3.0): 6 *.fun(Jigsaw): 4 *.support: 3 *.vvv(TeslaCrypt 3.0): 2 *.china: 2 *.japan: 2 *.palm: 2 *.switch: 2 *.crown: 1 *.xdata: 1
Server 2: Potential malware activity detected: *.nov: 2
Server 3: Potential malware activity detected: *.666: 1
Server 4: Potential malware activity detected: *.mvp: 41
Server 5: Potential malware activity detected: *.mvp: 15 *.switch: 8 *..txt: 5 *.lion: 3 *.xyz(TeslaCrypt): 1 *.area: 1 *.support: 1
Server 6: Potential malware activity detected: *.mvp: 12
Many thanks!
- Influencer
- Posts: 18
- Liked: never
- Joined: Apr 27, 2022 7:12 am
- Full Name: Jack F
- Product Manager
- Posts: 14786
- Liked: 1722 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
Re: 12.1 Malware Detection Feature
Hello Jack,
This check was performed by the index scan, so you can take a look at the log files located here: C:\ProgramData\Veeam\Backup\Malware_Detection_Logs
The mentioned extensions could be removed from the source machine by your AV. Please take a look at the AV's historical logs to be sure you are safe.
Once the file paths are detected from the logs, can you please share if that was a false positive or not? Can you confirm if those files are known and valid? Thank you for your post!
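An added example, not part of the thread and not Veeam code: it parses the alert text in the form quoted in the first post and walks a directory tree on the source server for file names matching the flagged patterns, as a cross-check next to the log files mentioned above. The alert format is taken only from this thread, and the directory tree and file names in `demo()` are constructed.

```python
import fnmatch
import os
import re
import tempfile

# Alert text copied from the first post ("Server 5"); the format is assumed
# from this thread, not from Veeam documentation.
ALERT = ("Potential malware activity detected: *.mvp: 15 *.switch: 8 *..txt: 5 "
         "*.lion: 3 *.xyz(TeslaCrypt): 1 *.area: 1 *.support: 1")

# One entry = glob pattern, optional "(family)" label, reported file count.
ENTRY = re.compile(r"(\*\S+?)(?:\(([^)]*)\))?:\s*(\d+)")


def parse_alert(text):
    """Return {glob_pattern: (family_or_None, reported_count)}."""
    body = text.split("detected:", 1)[-1]
    return {m.group(1).lower(): (m.group(2), int(m.group(3)))
            for m in ENTRY.finditer(body)}


def find_matches(root, patterns):
    """Walk root and return {pattern: [paths]} for matching file names."""
    hits = {p: [] for p in patterns}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for p in patterns:
                # Compare in lower case so plan.MVP matches *.mvp.
                if fnmatch.fnmatchcase(name.lower(), p):
                    hits[p].append(os.path.join(dirpath, name))
    return hits


def demo():
    """Scan a constructed directory tree and list the files that match."""
    patterns = parse_alert(ALERT)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Projects"))
        for name in ("plan.MVP", "notes..txt", "readme.txt", "site.area"):
            open(os.path.join(root, "Projects", name), "w").close()
        hits = find_matches(root, patterns)
        return {p: [os.path.basename(f) for f in fs]
                for p, fs in hits.items() if fs}


if __name__ == "__main__":
    for pattern, names in demo().items():
        print(pattern, names)
```

Comparing the number of paths found per pattern with the count in the alert shows whether the flagged files are still present on the source machine or exist only in the backup.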
- Full Name: Jack F
Re: 12.1 Malware Detection Feature
Hi Dima,
Thank you for letting me know the location of the logs. We have gone through the entire list and have deemed them to be false positives. I have marked the backups as clean on Veeam, but I do not want these to keep flagging up. Will they now be marked as false positives or will it keep happening?
Thanks!
- Full Name: Dmitry Popov
Re: 12.1 Malware Detection Feature
Thank you for the update and glad to hear that those are false positive alerts! You need to add extensions to exclusions via Indexing scan settings:

For more details you can review this post
