Skip to main content
  • EN
Solved

Malware detection log

What does the deleted_files_...log indicate in Malware detection log? Is veeam removing files from the production server or the backups?

10 comments

Chris.Childerhose
Userlevel 7
Badge +21

If I am not mistaken that shows what it removes from the backups not your production server.  I would not see Veeam doing that but it is a good indicator to run a scan on your servers too.

Chris Childerhose - VMCA2024 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 4* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Chris.Childerhose
Userlevel 7
Badge +21

You can also check this post on the community for a deep dive - Deep dive Inline Malware Detection | Veeam Community Resource Hub

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Chris Childerhose - VMCA2024 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 4* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
N
Userlevel 5
Badge +1

Thanks . i can see so many .txt has been removed from username/appdata 

Chris.Childerhose
Userlevel 7
Badge +21

Also check this post for a better understanding and deep dive - Veeam Malware Detection – A Forensics & Analysis 'How-To' Guide | Veeam Community Resource Hub

Chris Childerhose - VMCA2024 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 4* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +19

Hi @Nikks -

Great question! As this Forums posts states, what this file is...and it’s new with the latest release by Veeam...is a new log file of all files which Veeam saw was deleted, raising a Malware event. 

https://forums.veeam.com/veeam-backup-replication-f2/malware-detection-too-many-files-have-had-their-names-changed-t92081.html

“A log for deleted files has also been added with the previous patch”

The new release Release Notes also state this file is new:

https://www.veeam.com/kb4510

“Bulk Rename events will now create detailed logs with the list of affected files in the following location: C:\ProgramData\Veeam\Backup\Malware_Detection_Logs”

Hope that helps!

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
N
Userlevel 5
Badge +1

Got my answer , Thank you all

Chris.Childerhose
Userlevel 7
Badge +21

Got my answer , Thank you all

That is great.  Please ensure to mark the answer from your thread that best helped you get the answer.  Ensure it is the best answer so it will help others out.

Chris Childerhose - VMCA2024 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 4* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +19

Hi @Nikks -

Glad to hear you got your answer, but was the post selected as "Best Answer" (my article Chris shared) really what provided you your answer? Just verifying because my article is in regards to Inline Entropy & the file you reference is for File System Analysis. I would think the Forums link & link to latest update Release Notes which both discuss the file & it's purpose is what helped you out...but I could be wrong 😊

I just want to make sure others who may have the same question & see your post benefit. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
N
Userlevel 5
Badge +1

One question - When enabling inline scan ,How do I scan data blocks as most scanners just scan the file system, is it done automatically by inline ?

coolsport00
Userlevel 7
Badge +19

Yes. It’s done by Veeam via the Proxies.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

Comment


Terms & Conditions