-
- Service Provider
- Posts: 63
- Liked: 7 times
- Joined: Apr 04, 2011 8:56 am
- Full Name: Joern Westermann
- Contact:
Testing Malware Detection: How can I trigger guest indexing data scan?
Hi,
last week I tested the malware detection in 12.1.
I created an empty Debian VM, added it to a backup with enabled guest indexing and put 5000 PDF files in the VM. I did some backup runs to create a baseline.
Then I added all the PDF-files to an encrypted zip and deleted all PDF-files.
On the next backup I got a warning on encrypted data through the inline scan - that was fine.
But I also expected a warning on the number of deleted files through the "Guest Indexing Data Scan" - but I got none.
In the documentation it states that a warning is triggered when "Multiple files deleted by malware. A malware detection event will be created if at least 25 files with specific extensions or 50% of files with specific extensions are deleted."
Am I misinterpreting the trigger conditions?
Many thanks!
Joern
-
- Chief Product Officer
- Posts: 31899
- Liked: 7396 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Testing Malware Detection: How can I trigger guest indexing data scan?
Hi, do you have both options enabled?
- Guest file system indexing in the backup job settings
- File system activity analysis in the Malware Detection settings > General tab
If yes then it is best to open a support case for further troubleshooting.
-
- Service Provider
- Posts: 63
- Liked: 7 times
- Joined: Apr 04, 2011 8:56 am
- Full Name: Joern Westermann
- Contact:
Re: Testing Malware Detection: How can I trigger guest indexing data scan?
Thanks Anton. Yes, both settings are enabled and I checked whether guest files are really in the index through a test file restore. Will open a support case.
The guest file index is stored with the backup data? It should work with an S3 target?
-
- Service Provider
- Posts: 63
- Liked: 7 times
- Joined: Apr 04, 2011 8:56 am
- Full Name: Joern Westermann
- Contact:
Re: Testing Malware Detection: How can I trigger guest indexing data scan?
Hm, test installation runs under NFR license, so no support id. Ok, will fetch a "real" license later this week.
-
- Chief Product Officer
- Posts: 31899
- Liked: 7396 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Testing Malware Detection: How can I trigger guest indexing data scan?
No, it is stored on the backup server, so no dependencies on the backup target.
-
- Product Manager
- Posts: 14772
- Liked: 1719 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Testing Malware Detection: How can I trigger guest indexing data scan?
Hello Joern,
What was the time frame between running the backup job run with ok-ish PDF files and the backup job run with those files deleted / corrupted? What was the file system on this Linux machine? Thank you!