-
OMW72
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Nov 16, 2022 2:18 pm
- Contact:
File mask config (trusted objects)
Hi all,
I have a question regarding the file mask function within the file detection section of the Malware detection settings.
When I put, for example, the path C:\VeeamFL\ into the section (trusted objects), does it mean that this path is excluded from the file detection scan option and the encryption detection option (enable inline entropy analysis) as well?
Regards
Oliver
-
vnikiforov
- Product Manager
- Posts: 40
- Liked: 12 times
- Joined: Aug 17, 2022 5:03 am
- Full Name: Vladimir Nikiforov
- Location: Romania
- Contact:
Re: File mask config (trusted objects)
Hello, Oliver,
No, adding a path like C:\VeeamFL\ to the Trusted objects section does NOT exclude it from the encryption detection (inline entropy analysis). It only excludes it from the file detection scan.
The documentation is clear on this point:
To exclude a file name or file extension listed in the SuspiciousFiles.xml file and ignore it during the scan, do the following: Help Center - Excluding Suspicious Files and Extensions
To ignore a specific file or a folder during the scan: Help Center - Excluding Files and Folders
Excluding files and folders here is applied only to the following malware activity types:
- Known suspicious files and extensions
- Renamed files
- Deleted files
This is a completely different detection mechanism. The inline scan operates at the data block level during backup processing, not at the file-system metadata level. It scans the data stream for encrypted files, onion links, and ransom notes. The inline scan does not reference the Trusted objects list from the File Detection tab at all (Help Center - Encryption Detection).
---
BR,
Vladimir
Veeam Software
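
A conceptual illustration of the distinction drawn in the reply above, added here and not Veeam's code or part of the original thread: a path-based trusted list can only filter file-level events, while a block-level scan sees bytes and offsets with no path attached. The block size, entropy threshold, onion pattern and all sample data are assumptions constructed for the demo.

```python
import hashlib, math, re
from collections import Counter
from fnmatch import fnmatchcase

BLOCK_SIZE = 4096            # assumed block size for the demo
ENTROPY_THRESHOLD = 7.5      # bits per byte; assumed cut-off
ONION_RE = re.compile(rb"\b[a-z2-7]{56}\.onion\b")  # v3 onion address shape
TRUSTED_MASKS = [r"C:\VeeamFL\*"]   # the path asked about in the thread

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0 = constant, 8 = uniform)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def file_level_scan(events, masks):
    """File-system metadata view: every event carries a path, so masks apply."""
    return [(path, kind) for path, kind in events
            if not any(fnmatchcase(path.lower(), m.lower()) for m in masks)]

def inline_block_scan(stream: bytes):
    """Data-block view: only offsets and bytes, nothing to match a mask on."""
    findings = []
    for off in range(0, len(stream), BLOCK_SIZE):
        block = stream[off:off + BLOCK_SIZE]
        if shannon_entropy(block) >= ENTROPY_THRESHOLD:
            findings.append((off, "high-entropy"))
        if ONION_RE.search(block):
            findings.append((off, "onion-link"))
    return findings

# --- constructed sample input ---
EVENTS = [(r"C:\VeeamFL\cache.locked", "renamed"),
          (r"D:\Share\report.locked", "renamed")]
TEXT_BLOCK = (b"quarterly report draft\n" * 200)[:BLOCK_SIZE]
# Deterministic stand-in for encrypted data: concatenated SHA-256 digests.
RANDOM_BLOCK = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
# Placeholder address (56 x "a"), not a real service.
NOTE_BLOCK = (b"contact: " + b"a" * 56 + b".onion\n").ljust(BLOCK_SIZE, b" ")
STREAM = TEXT_BLOCK + RANDOM_BLOCK + NOTE_BLOCK

if __name__ == "__main__":
    print("file-level :", file_level_scan(EVENTS, TRUSTED_MASKS))
    print("block-level:", inline_block_scan(STREAM))
```

The trusted mask drops the event under C:\VeeamFL\, but the block scan still reports the high-entropy block and the onion-shaped string because it never sees a path to compare against.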
-
OMW72
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Nov 16, 2022 2:18 pm
- Contact:
Re: File mask config (trusted objects)
Hi Vladimir,
thanks for the quick response in this matter.
Finally there is no filter for the inline entropy analysis option available. The complete VBK/VIB (RestorePoint) will be used for the scan; it is not possible to break it down to the file level.
Regards,
Oliver
-
vnikiforov
- Product Manager
- Posts: 40
- Liked: 12 times
- Joined: Aug 17, 2022 5:03 am
- Full Name: Vladimir Nikiforov
- Location: Romania
- Contact:
Re: File mask config (trusted objects)
Hello, Oliver,
On this, you are correct, but the inline entropy scans data as it is read from the source; inline entropy scan does not scan the backup files themselves. The purpose of the entropy scan is to detect common malware indicators in the data read during backup, and as such, there is nothing to "exclude".
---
BR,
Vladimir
Veeam Software
-
OMW72
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Nov 16, 2022 2:18 pm
- Contact:
Re: File mask config (trusted objects)
Hi Vladimir,
again thanks for the quick response and explanation.
Regards,
Oliver
-
OMW72
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Nov 16, 2022 2:18 pm
- Contact:
Re: File mask config (trusted objects)
Hi Vladimir,
just to be sure, the only possibility to exclude VMs from the inline entropy scan is inside the option: burger menu --> global exclusion --> malware exclusion --> add VM, correct?
Regards,
Oliver
-
vnikiforov
- Product Manager
- Posts: 40
- Liked: 12 times
- Joined: Aug 17, 2022 5:03 am
- Full Name: Vladimir Nikiforov
- Location: Romania
- Contact:
Re: File mask config (trusted objects)
Hello, Oliver,
As per the User's Guide, this option excludes the following:
Malware exclusions are applied only to guest indexing data scan and inline scan and do not affect scan using Veeam Threat Hunter, third-party antivirus software, or YARA.
VM scan exclusion types
---
BR,
Vladimir
Veeam Software