Since starting using Veeam Malware Detection with Inline Entropy Analysis we received many false/positive detections related to Onion link. I understood that Veeam can't show me what files or where it's located, so I created an YARA rule to give me more details.
I analysed many different detection and all is related to oficial Windows components or thirty party AV. All of then is false/positive. To avoid new detections I just have one option, mark as clean and flag "Exclude the workload from malware detection".
With this action I also exlclude this workload from any other detection, what is not the best scenario. If I could simple exclude this specific kind of detection from my enviorment I believe will be the best approach.
Case # 07691527
-
lgtodes001
- Lurker
- Posts: 1
- Liked: never
- Joined: May 12, 2025 3:08 pm
- Full Name: Leonardo Guisso
- Contact:
Who is online
Users browsing this forum: Bing [Bot] and 3 guests