Veeam Version 12.1 - Malware Detections Query


Hello Veeam Community,

I am reaching out with a concern regarding our Veeam version 12.1, as we are consistently receiving malware detection alerts on our VMs. The notifications specifically indicate:

  • Potential malware activity detected: Too many files have had their names changed since the last backup; ensure they were not encrypted by ransomware.
  • Potential malware activity detected: *.ttt (TeslaCrypt 3.0): 40 instances.
  • Potential malware activity detected: *..txt: 2 instances.

I have conducted thorough scans on both the VM and the backup, and no malicious activity was found. Could you please provide insights or guidance on whether this is a matter of concern, and if there are additional steps I should take to address this issue?

Your assistance in resolving this matter is highly appreciated. Thank you in advance for your support.


28 comments

Userlevel 7

Create a shortcut on your desktop as a huge time saver as many of the files I had were not malware and continue to show up.

 

Use the size of the log files to compare. They shouldn’t grow or change by a huge amount. You could script something to check vs the previous days and email yourself the changes, but hopefully in the next few versions of Veeam some of this gets fine tuned a bit. I have many false positives, but I did actually find some ransomware files using this feature from about 8 years ago which was interesting. 
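The day-over-day size comparison suggested in the comment above, written in PowerShell as an added example (not code from this thread or from Veeam). The log folder is the path quoted in this thread; the state-file path and the 50% threshold are assumptions.

```powershell
# Added example. $LogDir is the folder quoted in this thread; $StatePath and
# $GrowthLimit are assumptions to adjust for your environment.
param(
    [string]$LogDir      = 'C:\ProgramData\Veeam\Backup\Malware_Detection_Logs',
    [string]$StatePath   = 'C:\ProgramData\VeeamMalwareLogSizes.json',  # hypothetical
    [double]$GrowthLimit = 0.5   # report size changes larger than 50%
)

function Compare-LogSize {
    param([hashtable]$Previous, [hashtable]$Current, [double]$Limit)
    foreach ($name in $Current.Keys) {
        $new = [long]$Current[$name]
        if (-not $Previous.ContainsKey($name)) {
            [pscustomobject]@{ File = $name; OldBytes = $null; NewBytes = $new; Change = 'new file' }
            continue
        }
        $old = [long]$Previous[$name]
        if ($old -eq $new) { continue }
        # A file that was empty last time has no meaningful ratio; always report it.
        $ratio = if ($old -eq 0) { [double]::PositiveInfinity } else { [double]($new - $old) / $old }
        if ([math]::Abs($ratio) -gt $Limit) {
            [pscustomobject]@{ File = $name; OldBytes = $old; NewBytes = $new; Change = '{0:P0}' -f $ratio }
        }
    }
}

# Per the thread, this folder only exists for File System Analysis scans.
if (-not (Test-Path -LiteralPath $LogDir)) {
    Write-Warning "Log folder not found: $LogDir"
    return
}

# Current sizes, keyed by full file path
$current = @{}
Get-ChildItem -LiteralPath $LogDir -File -Recurse | ForEach-Object { $current[$_.FullName] = $_.Length }

# Sizes saved by the previous run (empty on the first run)
$previous = @{}
if (Test-Path -LiteralPath $StatePath) {
    (Get-Content -LiteralPath $StatePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $previous[$_.Name] = $_.Value }
}

Compare-LogSize -Previous $previous -Current $current -Limit $GrowthLimit | Format-Table -AutoSize

# Save today's sizes for the next comparison
$current | ConvertTo-Json | Set-Content -LiteralPath $StatePath
```

Run it once a day from a scheduled task; the first run reports every file as new because no earlier snapshot exists yet.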

 

 

Userlevel 7

C:\ProgramData\Veeam\Backup\Malware_Detection_Logs

Hey Scott, based off the Malware event he posted, his event is for Inline Entropy scans. When that is used, there is no Malware_Detection_Logs folder and subsequent log file. That is only used for File System Analysis scans.

 

Oh I misread that. Thanks 

Userlevel 7

No worries bud.
