I love this feature but with the thousands of file types I have I get a ton of false positives.
Is there anyway to customize this “per server” with each file type? or disable for some servers/folders etc?
When I mark a job as clean, it seems to find the files on the next job. I thought that it should assume those files to be ok going forward.
Page 2 / 2
Rick - what do you think of the ability to be able to add folders exclusions, as a future feature enhancement? It appears it would have value. Thoughts?
Just you wait on feature requests I have something brewing.
Ooh can we get a hint.
Yeah...he’s being a tease!
Rick - what do you think of the ability to be able to add folders exclusions, as a future feature enhancement? It appears it would have value. Thoughts?
I would be all for this definitely. It would in a similar fashion to AV exclusions where you can do file, folder, etc.
From my point of view, folder exclusions can be dangerous as you no longer have control and they would never be checked again by the inline scan.
You would need a rule of overwriting scan alarms already detected and accepted by the operator previously and only alerting you if new files are detected etc.
Well in my case if it’s omit specific folders, or don’t use the feature at all, I know what option I’ll chose.
That being said, I understand that if someone omits a root folder it’s not going to be monitored, but if you are going to that extreme you might as well just disable malware scans on that server.
I like the idea of choosing to ignore file types on specific folders/servers. Perhaps I save files to a single location that trigger it every week. That would solve the issue, but not effect monitoring somewhere I want to be alerted on that file type.
I think the idea of accepting currently flagged false positives is the easiest sell though. Users could even have to accept the risk. The list of locations from the malware log file could show up on screen and force them to click confirm to put the responsibility on the Veeam Admin.
It’s would have to be a combination of both to be preventative and reactive to many years of files that I don’t want to go ignore every single folder.
Rick - what do you think of the ability to be able to add folders exclusions, as a future feature enhancement? It appears it would have value. Thoughts?
I would be all for this definitely. It would in a similar fashion to AV exclusions where you can do file, folder, etc.
From my point of view, folder exclusions can be dangerous as you no longer have control and they would never be checked again by the inline scan.
You would need a rule of overwriting scan alarms already detected and accepted by the operator previously and only alerting you if new files are detected etc.
Well in my case if it’s omit specific folders, or don’t use the feature at all, I know what option I’ll chose.
That being said, I understand that if someone omits a root folder it’s not going to be monitored, but if you are going to that extreme you might as well just disable malware scans on that server.
I like the idea of choosing to ignore file types on specific folders/servers. Perhaps I save files to a single location that trigger it every week. That would solve the issue, but not effect monitoring somewhere I want to be alerted on that file type.
I think the idea of accepting currently flagged false positives is the easiest sell though. Users could even have to accept the risk. The list of locations from the malware log file could show up on screen and force them to click confirm to put the responsibility on the Veeam Admin.
It’s would have to be a combination of both to be preventative and reactive to many years of files that I don’t want to go ignore every single folder.
In addition to the option I proposed, one could also implement the feature of granular exclusion of 'file extensions or trusted extensions on the individual server.
That would be perfect. It’s such a new feature I think this will only grow as versions increase. The fact it did trigger some real alerts of encrypted files from something that happened years ago allowed me to clean it all up, and makes me not want to exclude everything.
We have just has a Veeam Malware Detection on a Cisco FMC VMWare VM backup. It’s a Ransomware Note detection. I am thinking the Cisco FMC could legitimately have this in a signature file for AMP, and so it’s a false positive - does anyone agree, please?
We have just has a Veeam Malware Detection on a Cisco FMC VMWare VM backup. It’s a Ransomware Note detection. I am thinking the Cisco FMC could legitimately have this in a signature file for AMP, and so it’s a false positive - does anyone agree, please?
@Charles Leighton - it's difficult to say definitively because 1. Don't know your environment, & 2. Ransomware Note is an Inline Scan & Veeam doesn't provide file names or locations.
That being said, Veeam is working on feature updates for their Malware engine which should help. No timeframe when the update will come though.
We have just has a Veeam Malware Detection on a Cisco FMC VMWare VM backup. It’s a Ransomware Note detection. I am thinking the Cisco FMC could legitimately have this in a signature file for AMP, and so it’s a false positive - does anyone agree, please?
It would be hard to agree or disagree as you will need to investigate the logs to see what was detected and then if a false positive mark it as clean.