Malware detection

Post by **matteu** » Sep 29, 2025 9:18 am this post

Hello,

I have on my customer an alert with potential file. I remove the parent folder because it's on a temp location, clean the alert and made a new backup.
Now I have a new detection because too much html removal were done (they were in the folder I removed).
So I clean the alert and made a new job again but this alert is still there.
Is it expected ? Do I need to wait 24h for this alert to not come back again ?

Post by **Dima P.** » Sep 29, 2025 8:59 pm this post

Hello matteu,

No, once the file or folder is excluded from processing it should not any longer raise malware events. Can you please raise a support case and share the ID with us? We will take a look at your logs. Thank you!

Post by **matteu** » Sep 29, 2025 10:39 pm this post

Hello,
Thanks for your answer.
I didn t exclude it. I marked it as clan only.
If you confirm me it s not normal I can open a case and share the number yes.

Post by **Dima P.** » Oct 01, 2025 8:40 pm this post

Marking the restore point as clean unfortunately does not whitelist the suspicions file. You need to exclude such file from processing. Thank you!

Post by **matteu** » Oct 06, 2025 12:39 pm this post

Thanks for your answer.
Maybe I wasn't clear enough.

The first time I saw the issue, it was a malware detection.
So I remove the entire folder with the malware. Then I clean the alarm.
On the next backup, I have a new alert "bulk file deletion" because there was lot's of files in the folder I removed.
I clean this new alert about bulk file deletion and executed a manual backup job for this VM and the alert about bulk file deletion is displayed again.

I think there is a delay because it doesn't come back as alarm because today I clean up the alert (1 week later) and now the alert don't pop up again

Post by **Dima P.** » Oct 07, 2025 1:15 pm this post

On the next backup, I have a new alert "bulk file deletion" because there was lot's of files in the folder I removed.

Aha, got it. For the bulk file deletion even indeed no action is required as this activity is not regular (and we compare the restore point indexes between latest restore points anyway).

Post by **matteu** » Oct 07, 2025 4:10 pm this post

Yes the test I did shows that you don t look only the latest one but several.

Post by **Dima P.** » Oct 07, 2025 5:13 pm this post

The time frame for the latest restore point is 24 hours. After this period, we will begin using the later index for comparison and analytics.

Oct 08, 2025 7:33 pm

Thanks for the explanation

R&D Forums

Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Re: Malware detection

Who is online