Hello Veeam Community,I am reaching out with a concern regarding our Veeam version 12.1, as we are consistently receiving malware detection alerts on our VMs. The notifications specifically indicate:Potential malware activity detected: Too many files have had their names changed since the last backup; ensure they were not encrypted by ransomware. Potential malware activity detected: *.ttt (TeslaCrypt 3.0): 40 instances. Potential malware activity detected: *..txt: 2 instances.I have conducted thorough scans on both the VM and the backup, and no malicious activity was found. Could you please provide insights or guidance on whether this is a matter of concern, and if there are additional steps I should take to address this issue?Your assistance in resolving this matter is highly appreciated. Thank you in advance for your support.

Question

Veeam Version 12.1 - Malware Detections Query

1 year ago
December 13, 2023
28 comments
4523 views

VEEAM_Legend
Comes here often
29 comments

Hello Veeam Community,

I am reaching out with a concern regarding our Veeam version 12.1, as we are consistently receiving malware detection alerts on our VMs. The notifications specifically indicate:

Potential malware activity detected: Too many files have had their names changed since the last backup; ensure they were not encrypted by ransomware.
Potential malware activity detected: *.ttt (TeslaCrypt 3.0): 40 instances.
Potential malware activity detected: *..txt: 2 instances.

I have conducted thorough scans on both the VM and the backup, and no malicious activity was found. Could you please provide insights or guidance on whether this is a matter of concern, and if there are additional steps I should take to address this issue?

Your assistance in resolving this matter is highly appreciated. Thank you in advance for your support.

Show first post

1
2

Page 2 / 2

+8

Scott
Veeam Legend
993 comments
11 months ago
April 2, 2024

Create a shortcut on your desktop as a huge time saver as many of the files I had were not malware and continue to show up.

Use the size of the log files to compare. They shouldn’t grow or change by a huge amount. You could script something to check vs the previous days and email yourself the changes, but hopefully in the next few versions of Veeam some of this gets fine tuned a bit. I have many false positives, but I did actually find some ransomware files using this feature from about 8 years ago which was interesting.

+8

Scott
Veeam Legend
993 comments
11 months ago
April 2, 2024

coolsport00 wrote:

Scott wrote:

C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

Hey Scott, based off the Malware event he posted, his event is for Inline Entropy scans. When that is used, there is no Malware_Detection_Logs folder and subsequent log file. That is only used for File System Analysis scans.

Oh I misread that. Thanks

+20

coolsport00
Veeam Legend
4109 comments
11 months ago
April 2, 2024

Scott wrote:

coolsport00 wrote:

Scott wrote:

C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

Hey Scott, based off the Malware event he posted, his event is for Inline Entropy scans. When that is used, there is no Malware_Detection_Logs folder and subsequent log file. That is only used for File System Analysis scans.

Oh I misread that. Thanks

No worries bud.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

1
2

Page 2 / 2

Comment

Related topics

Veeam Backup & Replication - Syslog Events - Let's dive deeper

[guide] v12.1 Beta: How to Install PostgreSQL 15.4 & VBR 12.1 & EM + Malware Detect Extension to Monitor

Veeam 100 Summit - Live Blog #Day 0 + 1

Veeam VBR - 12.1 Upgrade with VHR Upgrade Requirements

Strange Warning: Failed to publish malware detection metadata to the catalogicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded