Skip to main content

Hello Veeam Community,

I am reaching out with a concern regarding our Veeam version 12.1, as we are consistently receiving malware detection alerts on our VMs. The notifications specifically indicate:

  • Potential malware activity detected: Too many files have had their names changed since the last backup; ensure they were not encrypted by ransomware.
  • Potential malware activity detected: *.ttt (TeslaCrypt 3.0): 40 instances.
  • Potential malware activity detected: *..txt: 2 instances.

I have conducted thorough scans on both the VM and the backup, and no malicious activity was found. Could you please provide insights or guidance on whether this is a matter of concern, and if there are additional steps I should take to address this issue?

Your assistance in resolving this matter is highly appreciated. Thank you in advance for your support.

Create a shortcut on your desktop as a huge time saver as many of the files I had were not malware and continue to show up.

 

Use the size of the log files to compare. They shouldn’t grow or change by a huge amount. You could script something to check vs the previous days and email yourself the changes, but hopefully in the next few versions of Veeam some of this gets fine tuned a bit. I have many false positives, but I did actually find some ransomware files using this feature from about 8 years ago which was interesting. 

 

 


C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

Hey Scott, based off the Malware event he posted, his event is for Inline Entropy scans. When that is used, there is no Malware_Detection_Logs folder and subsequent log file. That is only used for File System Analysis scans.

 

Oh I misread that. Thanks 


C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

Hey Scott, based off the Malware event he posted, his event is for Inline Entropy scans. When that is used, there is no Malware_Detection_Logs folder and subsequent log file. That is only used for File System Analysis scans.

 

Oh I misread that. Thanks 

No worries bud.


Comment