-
- Veteran
- Posts: 316
- Liked: 22 times
- Joined: Dec 01, 2019 7:27 pm
- Contact:
Malware detection - Bulk file renaming
Hy!
I have a file server, and nabled the indexing during backup. Last night I ran Windows Update and installed lots of update. The veeam has been reported the following after the server update:
Type: Bulk file renaming
Details: Potential malware activity detected: too many files have had their names changed since last backup, ensure they were not encrypted by ransomware
Are there any log where I can check which files modified?
Could there be a connection between the update and the many file changes?
Thanks.
I have a file server, and nabled the indexing during backup. Last night I ran Windows Update and installed lots of update. The veeam has been reported the following after the server update:
Type: Bulk file renaming
Details: Potential malware activity detected: too many files have had their names changed since last backup, ensure they were not encrypted by ransomware
Are there any log where I can check which files modified?
Could there be a connection between the update and the many file changes?
Thanks.
-
- Product Manager
- Posts: 10100
- Liked: 2696 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Malware detection - Bulk file renaming
Hi Adam
There is no log yet for "bulk file renaming".
It should be added in the upcoming patch.
Best,
Fabian
There is no log yet for "bulk file renaming".
It should be added in the upcoming patch.
Yes, it's possible. Have you included %windir% in the guest file indexing options?Could there be a connection between the update and the many file changes?
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 316
- Liked: 22 times
- Joined: Dec 01, 2019 7:27 pm
- Contact:
Re: Malware detection - Bulk file renaming
Hello Fabian,
Thanks. The guest file indexing option is:
Indexing everything expect:
- %windir%
- %ProgramFiles%
- %ProgramFiles(x86)%
- %ProgramW6432%
- %TEMP%
Is it meean that the indexing is not apply on %windir%?
Thanks.
Thanks. The guest file indexing option is:
Indexing everything expect:
- %windir%
- %ProgramFiles%
- %ProgramFiles(x86)%
- %ProgramW6432%
- %TEMP%
Is it meean that the indexing is not apply on %windir%?
Thanks.
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
-
- Veteran
- Posts: 316
- Liked: 22 times
- Joined: Dec 01, 2019 7:27 pm
- Contact:
Re: Malware detection - Bulk file renaming
Thanks. But how can I identify that it is a false warning (so not malware activities) or not?
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Malware detection - Bulk file renaming
See the previous reply, the conventient way is coming.
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Malware detection - Bulk file renaming
And until this log is available, you can use the Compare to Production functionality of the File-Level Recovery wizard to see all the changed files between the selected restore point and production environment.
-
- Veteran
- Posts: 316
- Liked: 22 times
- Joined: Dec 01, 2019 7:27 pm
- Contact:
Who is online
Users browsing this forum: Google [Bot] and 57 guests