fborup

malware detection - Features, capabilities, etc

Post by fborup »

I have some questions regarding malware detection.

I've just enabled it and some things crossed my mind:

1) If malware is found, would I receive a mail message regarding it?
Today I got an email message: [Success] Daily malware detection report (0 malware events for 0 workloads) / Inline and Index analytics summary

In the event of finding anything, would I get a mail message alerting me to it?

2) Last week I was struggling to get the malware signature download working, due to some crazy problems. Now I think everything is OK, but I'm afraid of getting the same problem back again, or worse: if internet access fails for some reason, would I be notified about it? In the event of not being able to download new signatures, would I get a mail message or another warning to tell me that the signatures are old?

3) Can I schedule the download of malware definitions to avoid the default 00:00 time? Can I do something about it using PowerShell? Can I use PowerShell to download malware definitions?

4) How can I SIMULATE malware being found? Can I securely test the malware detection to make sure that the product is really doing its job? Can I use the EICAR test file to simulate a problem? Is malware detection able to see the EICAR test file as a threat?

david.domask
Veeam Software

Re: malware detection - Features, capabilities, etc

Post by david.domask »

Hi fborup,

1. Sure, configure it in the Malware Detection options.
2. Can you share a bit more on the issue and how you spotted it? And you're talking about the Suspicious Files XML or Veeam Threat Hunter? For the former, as noted in the User Guide link before, you can always manually update it to ensure that a network issue doesn't interfere
3. Same question as with 2, can you confirm if you're talking about the Suspicious Files information or the Veeam Threat Hunter signature updates? For Veeam Threat Hunter, these are updated every time before running the scan. At this time not configurable, it will happen as needed during scans
4. EICAR is the way to go here for Veeam Threat Hunter testing; for other Malware Detection items (e.g., bulk delete, file extension changing, etc.), you can reproduce the issues noted here on a test machine and then do a backup to test. (This is how I test in my lab, for example.)
David Domask | Product Management: Principal Analyst