How to get Malware Detection to quit false-alarming on .onion links?

[mikeely]

This is our second-most-frequent false alarm (the first, obviously, being encrypted files, which absolutely hates encrypted homedirs). Given how difficult it is to find the supposed onion link and given that it's triggered for my own VDI which is not running Windows and is not running any tor stuff, and showing up on similar machines operated by others, it's become clear that this is just a nuisance alert. (unfortunately, Malware Detection seems to be only nuisance alerts and I'd turn it off entirely if it weren't for some "security"-by-checkbox nonsense)

Thing is, I can't find anywhere in the VBR UI to disable onion link alerts. How do I make it stop?

[Dima P.]

Hello Mike,

Can you share a screenshot of such event? If onion link is detected by the index analytics the path should be stored in the logs (and you can globally exclude either the path or the machine entirely). Thank you!

[mikeely]

Next time one comes up I'll grab a screenshot - I cleared the alerts as they were clearly bogus. How does one find the path of the link or file? I couldn't dig it out of the UI anywhere. Seems like an obvious thing you'd want to surface so I'm sure I was just missing something.