Comprehensive data protection for all workloads
Post Reply
sheru
Novice
Posts: 5
Liked: 3 times
Joined: Oct 11, 2018 1:05 pm
Full Name: Shareej
Contact:
Contact sheru

Why is it so hard to find details of Malware Detections?

Post by sheru »

Trying to figure out what exactly was detected by Veeam can be a complete puzzle. For example, I recently had an onion link detected on a virtual appliance, but there was no information about which file triggered the alert. After digging a bit, I found out the detection came from the Inline Entropy Scan. The relevant log file for that is located at: C:\ProgramData\Veeam\Backup\Svc.VeeamDataAnalyzer.log. But here's the kicker: that log doesn’t actually provide detailed information about the file or path! Why? Because the scan happens at the block level while the data is in transit, so the system can’t pinpoint the actual file or its location. 😔

Then there's another log location for File System Analysis scans: C:\ProgramData\Veeam\Backup\Malware_Detection_Logs. And for backup scans with Veeam Threat Hunter (Windows only), you'll find details under: C:\ProgramData\Veeam\Backup\FLRSessions\Windows\FLR__<machinename>_\Antivirus. This path is on the mount server. But again, this works only for Windows machines. Why is backup scanning not supported on Linux when FLR is available? That makes no sense. Will this improve in Veeam v13?

Now, imagine you've followed Veeam’s own best practice and disabled RDP on your backup server. To review a detection, you now have to manually log into the backup server and each mount server to hunt down various logs just to understand what was flagged.Why can’t we have a Inventory > Malware Detection or History > Malware Detectionscreen show all malware detection results and logs are available in one place?
Top
Mildur
Product Manager
Posts: 10689
Liked: 2893 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:
Contact Mildur

Re: Why is it so hard to find details of Malware Detections?

Post by Mildur » 1 person likes this post

Hi Shareej,

Thank you for your honest feedback. We are aware that there is room for improvement in how our Malware Logs are presented to backup administrators. I hope that with the new Web UI in the future, we will be able to use different options for providing such logs.

For your two main questions:
1. You can use a script to list files and their path detected by our inline scan: https://www.veeam.com/kb4632
2. Veeam Threat Hunter for Linux will become available in V13.

Best,
Fabian
Product Management Analyst @ Veeam Software
Top
sheru
Novice
Posts: 5
Liked: 3 times
Joined: Oct 11, 2018 1:05 pm
Full Name: Shareej
Contact:
Contact sheru

Re: Why is it so hard to find details of Malware Detections?

Post by sheru »

Thank you for the reply. Provided is greart resource to find when encrypted files detected. Is there such tools exist for other type of malware detection (eg: Ransom notes)?
Top
Post Reply

Return to “Veeam Backup & Replication”



Who is online

Users browsing this forum: Bing [Bot] and 13 guests