Skip to main content
Question

How to add malware exclusion

  • May 8, 2026
  • 1 comment
  • 15 views
J

I understand the basics of how to add Malware Exclusions. However, I cannot figure out how to deal with some false-positives without severely crippling malware detection and basically making me want to just disable it all together because of the amount of time I have to spend dealing with false-positives because of the lack of granularity.

Here’s an example:

C:\Program Files (x86)\App\FileSec.xml.encrypted
C:\Program Files (x86)\App\Bin\FileSec.xml.encrypted

The files above are easy enough to deal with but the app periodically creates a backup of it’s settings and those two files are replicated to a new path, each time a backup is performed. Example:

C:\ProgramData\AppBackup.76\FileSec.xml.encrypted
C:\ProgramData\AppBackup.76\Bin\FileSec.xml.encrypted

The next backup will be:

C:\ProgramData\AppBackup.77\FileSec.xml.encrypted
C:\ProgramData\AppBackup.77\Bin\FileSec.xml.encrypted

How do I deal with this? Since wildcards can’t be used, the only options that I can think of are to exclude the .encrypted extension or exclude the entire C:\ProgramData\ directory. Both of those options seem too aggressive.

      1 comment

      coolsport00
      Forum|alt.badge.img+22
      • coolsport00
      • Veeam Legend
      • May 8, 2026

      Hmm...this is a difficult one ​@jeffshead . I’m not sure there’s a resolution here. I’ve dove a bit deep into Malware Detection, but mostly with the Inline Entropy Scan engine; not File System Indexing Scanning. Though Inline doesn’t show explicit files/diretories or have the ability to add exclusions, etc., it has this same issue as you share that File System Scan does → For Inline Entropy...when some of my Linux VMs are upgraded (kernel or their pkgs), it “trips” the Veeam Malware Detection engine to throw a Malware Alert. Basically, it’s a false pos. I haven’t researched too in depth on why, but my assumption is it happens similar to your case → new pkg directories or the like.

      Only suggestion I have is either to reach out to Veeam Support to see if there is some workaround, or ping the Veeam Product Manager directly on the Forums to see if he has a solution for you (Dmitry Popov). But honestly...though I like Malware Detection in Veeam, it’s not perfect, but at least does provide another “layer” in our org’s security posture to help us try to thwart malicious vectors.

      Let us know what you find out.

      Best.

      Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
        Terms & ConditionsAccessibility statement