Malware scan exclusions

[joloo]

I am trying to exclude paths (not exensions) from the SureBackup malware scan.

For an example, the scan report shows the following false positive:

C:\VeeamFLR\SERVER_320e0a0b\Volume1\Windows\Installer\88cf9daa.msi->Icon.UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe

Of course, that is the virtual mounted file system that SureBackup creates.

In the Malware Settings, I have the following as a trusted path:
C:\Windows\Installer\
-and-
C:\VeeamFLR\SERVER_320e0a0b\Volume1\Windows\Installer\

It still gets flagged. Also, that number "320e0a0b" seems to change each time, and I'm not sure which of those 2 paths I should actually be adding to the trusted paths.

[david.domask]

Hi joloo,

Just to confirm, you're setting the exclusions on the Suspicious Files list or where specifically did you add the exclusions?

Please review the note on that section, as this list is for the malware detection Guest Indexing scan. If you're talking about the SureBackup Scan Backup, that is using the installed anti-virus on the mount server, not the Suspicious Files list. So you would set these exclusions on your installed anti-virus.

As for the path to exclude, if your AV supports paths with wildcards, probably you would want something like:

C:\VeeamFLR\*\Volume*\Windows\Installer\*

The numbers you mentioned will change for each run, so that's why an exclusion like this is needed.

[joloo]

The 3-line button in the upper left of Veeam -> Malware Detection -> File masks to monitor -> Trusted Objects

I assume that it is Veeam detecting these files, not my AV, because the report is coming from Veeam.

[david.domask]

Got it, then indeed, that is not what the SureBackup Antivirus scan does. Veeam uses the locally installed AV based on the Anti-Virus Scan XML definitions added to Veeam. Likely, Windows Defender is being used, but for these scans, it's using the local AV and the results of the scan are then presented through Veeam.