What does the deleted_files_...log indicate in the Malware Detection log? Is Veeam removing files from the production server or the backups?

If I am not mistaken, that shows what it removes from the backups, not your production server. I would not see Veeam doing that, but it is a good indicator to run a scan on your servers too.


You can also check this post on the community for a deep dive - Deep dive Inline Malware Detection | Veeam Community Resource Hub


Thanks. I can see so many .txt files have been removed from username/appdata.


Also check this post for a better understanding and deep dive - Veeam Malware Detection – A Forensics & Analysis 'How-To' Guide | Veeam Community Resource Hub


Hi @Nikks -

Great question! As this Forums post states, what this file is...and it’s new with the latest release by Veeam...is a new log file of all files which Veeam saw were deleted, raising a Malware event.

https://forums.veeam.com/veeam-backup-replication-f2/malware-detection-too-many-files-have-had-their-names-changed-t92081.html

“A log for deleted files has also been added with the previous patch”

The new release Release Notes also state this file is new:

https://www.veeam.com/kb4510

“Bulk Rename events will now create detailed logs with the list of affected files in the following location: C:\ProgramData\Veeam\Backup\Malware_Detection_Logs”

Hope that helps!


Got my answer, thank you all.


That is great. Please ensure to mark the answer from your thread that best helped you get the answer. Ensure it is the best answer so it will help others out.


Hi @Nikks -

Glad to hear you got your answer, but was the post selected as "Best Answer" (my article Chris shared) really what provided you your answer? Just verifying because my article is in regards to Inline Entropy & the file you reference is for File System Analysis. I would think the Forums link & link to latest update Release Notes, which both discuss the file & its purpose, is what helped you out...but I could be wrong 😊

I just want to make sure others who may have the same question & see your post benefit. 


One question - when enabling inline scan, how do I scan data blocks, as most scanners just scan the file system? Is it done automatically by inline?


Yes. It’s done by Veeam via the Proxies.

