Malware detection exclusions unflexible

[zer0]

Hi there,

haven't found this topic yet I hope this isn't a duplicate.

We need to exclude a specific filename from malware detection or have the option for wildcards. In my environments we have implemented deception technologies which create files we monitor for malicious activity. These are placed on windows in every user profile folder automatically. Because Malware Detection exclusion allow only exact paths my only option is to exclude the whole file extension, because creating an excluded path for each user is not manageable.

And is there currently a way to limit exclusions to only a specific host or group of hosts and not globally for every endpoint monitored by the specific B&R Server?

Best regards,

PS: tested with current 12.1 release.

[Dima P.]

Hello zer0,

Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!

[zer0]

Hi Dima,

thank you for the reply. As already mentioned I use the current release of 12.1 branch. And exact paths are not a reasonable option for this usecase, because if so, we would have to exclude every possible user profile which is not manageable i.e.: C:/Users/user1/hiddenfolder, C:/Users/user2/hiddenfolder, C:/Users/user3/hiddenfolder, and so on. So we would need either exclusion by filename: "excludefileexample.txt" or Wildcards in paths, both is not an available option in the latest release of veeam.

and it would be great to limit exclusion to only specific hosts and not globally.

[Dima P.]

Hello zer0,

Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?

[zer0]

Hi Dima,

thank you for adding these feature requests.

[davidob]

Hello zer0,

Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?

Hello Dima.
Same exact issue in our case with ppam extension. As zer0, we only want to exclude the exact filename, or if possible something like "*\exact_foldername\exact_filename.ppam"
For what it's worth, add another request for this feature.
Thank you!

[Dima P.]

Hello and thank you for your post David.

Added your vote too!

[longwoodeng]

Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!

Hi,

Forgive me, but I cannot find how to exclude a folder.

We already have 12.1.2.172 installed. I can only add a VM within Malware Detection => Exclusions.

Kind Regards, Stephen

[Dima P.]

Hello Stephen,

You can exclude the specific path from file system activity analytics by adding the path here: Managing List of Suspicious Files and Extensions. Thank you!