-
- Novice
- Posts: 5
- Liked: 1 time
- Joined: Jun 06, 2024 10:13 am
- Contact:
Malware detection exclusions unflexible
Hi there,
haven't found this topic yet I hope this isn't a duplicate.
We need to exclude a specific filename from malware detection or have the option for wildcards. In my environments we have implemented deception technologies which create files we monitor for malicious activity. These are placed on windows in every user profile folder automatically. Because Malware Detection exclusion allow only exact paths my only option is to exclude the whole file extension, because creating an excluded path for each user is not manageable.
And is there currently a way to limit exclusions to only a specific host or group of hosts and not globally for every endpoint monitored by the specific B&R Server?
Best regards,
PS: tested with current 12.1 release.
haven't found this topic yet I hope this isn't a duplicate.
We need to exclude a specific filename from malware detection or have the option for wildcards. In my environments we have implemented deception technologies which create files we monitor for malicious activity. These are placed on windows in every user profile folder automatically. Because Malware Detection exclusion allow only exact paths my only option is to exclude the whole file extension, because creating an excluded path for each user is not manageable.
And is there currently a way to limit exclusions to only a specific host or group of hosts and not globally for every endpoint monitored by the specific B&R Server?
Best regards,
PS: tested with current 12.1 release.
-
- Product Manager
- Posts: 14689
- Liked: 1693 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection exclusions unflexible
Hello zer0,
Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!
Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!
-
- Novice
- Posts: 5
- Liked: 1 time
- Joined: Jun 06, 2024 10:13 am
- Contact:
Re: Malware detection exclusions unflexible
Hi Dima,
thank you for the reply. As already mentioned I use the current release of 12.1 branch. And exact paths are not a reasonable option for this usecase, because if so, we would have to exclude every possible user profile which is not manageable i.e.: C:/Users/user1/hiddenfolder, C:/Users/user2/hiddenfolder, C:/Users/user3/hiddenfolder, and so on. So we would need either exclusion by filename: "excludefileexample.txt" or Wildcards in paths, both is not an available option in the latest release of veeam.
and it would be great to limit exclusion to only specific hosts and not globally.
thank you for the reply. As already mentioned I use the current release of 12.1 branch. And exact paths are not a reasonable option for this usecase, because if so, we would have to exclude every possible user profile which is not manageable i.e.: C:/Users/user1/hiddenfolder, C:/Users/user2/hiddenfolder, C:/Users/user3/hiddenfolder, and so on. So we would need either exclusion by filename: "excludefileexample.txt" or Wildcards in paths, both is not an available option in the latest release of veeam.
and it would be great to limit exclusion to only specific hosts and not globally.
-
- Product Manager
- Posts: 14689
- Liked: 1693 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection exclusions unflexible
Hello zer0,
Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?
Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?
-
- Novice
- Posts: 5
- Liked: 1 time
- Joined: Jun 06, 2024 10:13 am
- Contact:
Re: Malware detection exclusions unflexible
Hi Dima,
thank you for adding these feature requests.
thank you for adding these feature requests.
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Jun 11, 2024 7:32 am
- Full Name: David
- Contact:
Re: Malware detection exclusions unflexible
Hello Dima.
Same exact issue in our case with ppam extension. As zer0, we only want to exclude the exact filename, or if possible something like "*\exact_foldername\exact_filename.ppam"
For what it's worth, add another request for this feature.
Thank you!
-
- Product Manager
- Posts: 14689
- Liked: 1693 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection exclusions unflexible
Hello and thank you for your post David.
Added your vote too!
Added your vote too!
-
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 04, 2019 10:36 am
- Full Name: Stephen Holder
- Contact:
Re: Malware detection exclusions unflexible
Hi,Dima P. wrote: ↑Jun 06, 2024 11:20 am Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!
Forgive me, but I cannot find how to exclude a folder.
We already have 12.1.2.172 installed. I can only add a VM within Malware Detection => Exclusions.
Kind Regards, Stephen
-
- Product Manager
- Posts: 14689
- Liked: 1693 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Malware detection exclusions unflexible
Hello Stephen,
You can exclude the specific path from file system activity analytics by adding the path here: Managing List of Suspicious Files and Extensions. Thank you!
You can exclude the specific path from file system activity analytics by adding the path here: Managing List of Suspicious Files and Extensions. Thank you!
Who is online
Users browsing this forum: Bing [Bot], Gostev and 99 guests