Feature request: Improve default malware detection exclusions

[iDeNt_5]

Case reference 07751303

Hi all,

As requested by the Veeam Support Team, I created a new feature request aimed to improve the Malware Detection default exclusions of the VBR.

As explained in this support case, the VBR malware detection marks as infected the following component of the VBO v8 (latest version) server:
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Veeam.Backup.Interaction.Explorer

Since this is a default embedded component of the VBO, it should not required to manually create a specific exclusion on the Malware Detection component of the VBR.

Thanks.

[david.domask]

Hi iDeNt_5,

Thanks for sharing the case number. I was able to reproduce, and it's not really about the component, it's about the .Explorer part of the name which is being parsed as an extension, which is a real extension used by the Explorer ransomware, so a case of unfortunate naming + match.

Agree though that it should be handled better. Will discuss internally best way to handle, but for now please continue using the exclusion.

[david.domask]

Quick update, we will be resolving this through an update for the Malware Definitions XML, and the false-positive should stop appearing soon. Thanks again for the report!

[iDeNt_5]

Hi David,

Thank you so much for the update, really appreciated!