Malware Activity Detected
Sent when malware activity is detected. For more information, see Malware Detection.
General Information
Event ID: 41600
Event message details: Potential malware activity detected: <Details>
Severity: Warning
Parameters
Parameter Name | Description | Example |
|---|---|---|
DetectionTimeUTC | Date and time when malware activity has been detected. | DetectionTimeUTC="03/20/2025 13:05:41" |
OibID | Machine ID. | OibID="0e54d3bf-add8-48eb-9122-fad3ac1e8fb3" |
ActivityType | Malware activity type. Possible values:
| ActivityType="EncryptedData" |
UserName | Name of the user who performed an operation. | UserName="TECH\user1" |
UserFullInfo | Detailed information about the user who performed an operation. Includes the following data:
| UserFullInfo="<ModifiedUserInfo fullName="TECH\user1" loginType="0" />" |
ObjectName | Object name. | ObjectName="VM01" |
VbrHostName | Backup server name. Can be a DNS name, an FQDN or an IP address. | VbrHostName="vbrsrv01.tech.local" |
VbrVersion | Veeam Backup & Replication version. | VbrVersion="12.3.1.1139" |
Version | Event version (service parameter). | Version="1" |
Description | Event message details. | Description="Potential malware activity detected for OIB: 0e54d3bf-add8-48eb-9122-fad3ac1e8fb3 (VM01), rule: Encrypted data by user: TECH\user1." |
Syslog Message Example
1 2025-03-20T14:06:09.662307+02:00 VBRSRV01 Veeam_MP - - [origin enterpriseId="31023"] [categoryId=0 instanceId=41600 DetectionTimeUTC="03/20/2025 13:05:41" OibID="0e54d3bf-add8-48eb-9122-fad3ac1e8fb3" ActivityType="EncryptedData" UserName="TECH\user1" UserFullInfo="<ModifiedUserInfo fullName="TECH\user1" loginType="0" />" ObjectName="VM01" VbrHostName="vbrsrv01.tech.local" VbrVersion="12.3.1.1139" Version="1" Description="Potential malware activity detected for OIB: 0e54d3bf-add8-48eb-9122-fad3ac1e8fb3 (VM01), rule: Encrypted data by user: TECH\user1."] |
