Comprehensive data protection for all workloads
zer0
Novice
Posts: 5
Liked: 1 time
Joined: Jun 06, 2024 10:13 am

Malware detection exclusions unflexible

Post by zer0 »

Hi there,

I haven't found this topic yet, so I hope this isn't a duplicate.

We need to exclude a specific filename from malware detection or have the option for wildcards. In my environments we have implemented deception technologies which create files we monitor for malicious activity. These are placed on Windows in every user profile folder automatically. Because Malware Detection exclusions allow only exact paths, my only option is to exclude the whole file extension, because creating an excluded path for each user is not manageable.

And is there currently a way to limit exclusions to only a specific host or group of hosts and not globally for every endpoint monitored by the specific B&R Server?

Best regards,

PS: tested with current 12.1 release.
Dima P.
Product Manager
Posts: 14689
Liked: 1693 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague

Re: Malware detection exclusions unflexible

Post by Dima P. »

Hello zer0,

Path exclusions are available but require the latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!

Re: Malware detection exclusions unflexible

Post by zer0 »

Hi Dima,

thank you for the reply. As already mentioned, I use the current release of the 12.1 branch. And exact paths are not a reasonable option for this use case, because if so, we would have to exclude every possible user profile, which is not manageable, i.e.: C:/Users/user1/hiddenfolder, C:/Users/user2/hiddenfolder, C:/Users/user3/hiddenfolder, and so on. So we would need either exclusion by filename ("excludefileexample.txt") or wildcards in paths; neither is an available option in the latest release of Veeam.

And it would be great to limit exclusions to only specific hosts and not globally.

Re: Malware detection exclusions unflexible

Post by Dima P. » 1 person likes this post

Hello zer0,

Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?

Re: Malware detection exclusions unflexible

Post by zer0 »

Hi Dima,

thank you for adding these feature requests.
davidob
Lurker
Posts: 1
Liked: never
Joined: Jun 11, 2024 7:32 am
Full Name: David

Re: Malware detection exclusions unflexible

Post by davidob »

Dima P. wrote: Jun 07, 2024 8:56 am
Hello zer0,

Thank you for the feedback! I'll add your vote to this feature request! Mind me asking if any particular file or extension is being detected causing you lots of false positive events?

Hello Dima.
Same exact issue in our case with ppam extension. As zer0, we only want to exclude the exact filename, or if possible something like "*\exact_foldername\exact_filename.ppam"
For what it's worth, add another request for this feature.
Thank you!

Re: Malware detection exclusions unflexible

Post by Dima P. »

Hello and thank you for your post David.

Added your vote too!
longwoodeng
Novice
Posts: 3
Liked: never
Joined: Oct 04, 2019 10:36 am
Full Name: Stephen Holder

Re: Malware detection exclusions unflexible

Post by longwoodeng »

Dima P. wrote: Jun 06, 2024 11:20 am
Path exclusions are available but require latest version. Please update your Veeam B&R installation to the latest patch 12.1.2.172. Thank you!

Hi,

Forgive me, but I cannot find how to exclude a folder.

We already have 12.1.2.172 installed. I can only add a VM within Malware Detection => Exclusions.

Kind Regards, Stephen

Re: Malware detection exclusions unflexible

Post by Dima P. »

Hello Stephen,

You can exclude the specific path from file system activity analytics by adding the path here: Managing List of Suspicious Files and Extensions. Thank you!