Multiple Extension Changes
To detect multiple extension changes, the Veeam Data Analyzer Service compares guest indexing data from two restore points. The later restore point is compared with the earliest restore point from the same 25-hour period. If no such earlier restore point exists, the scan uses the most recent restore point from the same 30-day period. If multiple extension changes are present only in the later restore point, a malware detection event is created.
A malware detection event will be created in the following cases:
- If the following conditions are met:
  - At least 200 files on the system have a new extension.
  - These extensions are not specified in the SuspiciousFiles.xml file.
- If one of the following conditions is met:
  - The total number of new unique extensions exceeds 5000.
  - The most common extension of changed files in a folder represents less than 1% of all extensions in this folder.
  - The most common extension of changed files in a folder is greater than or equal to 80% of all extensions in this folder.
Each folder that appears in both restore points and contains at least one file with a new extension is compared.
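The following is an added, illustrative implementation of the heuristic described above, run over two constructed guest file listings. It is not Veeam's code. The thresholds (200 files, 5000 unique extensions, 1% and 80%) are taken from the text; everything the text leaves open is an assumption and is marked as such in the code: a file "has a new extension" when its extension appears nowhere in the earlier restore point, extensions already listed in SuspiciousFiles.xml are excluded (the `known_suspicious` set stands for that file, already parsed), the two condition groups are both required, and a folder's share is the count of its most common new extension divided by the number of files in that folder in the later restore point.

```python
"""Illustrative detector for the multiple-extension-change heuristic.

Added example, not Veeam's implementation. Details the documentation does
not spell out are filled in with labelled assumptions.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field
from posixpath import dirname, splitext  # constructed sample paths use '/'

# Thresholds as given in the documentation.
MIN_CHANGED_FILES = 200           # at least 200 files with a new extension
MAX_UNIQUE_NEW_EXTENSIONS = 5000  # more than 5000 distinct new extensions
LOW_SHARE = 0.01                  # most common new extension < 1% of folder
HIGH_SHARE = 0.80                 # most common new extension >= 80% of folder


def extension_of(path: str) -> str:
    """Lower-cased extension including the dot, '' if the file has none."""
    return splitext(path)[1].lower()


@dataclass
class Verdict:
    triggered: bool
    changed_files: int
    unique_new_extensions: int
    suspicious_folders: dict = field(default_factory=dict)  # folder -> share


def detect_multiple_extension_changes(earlier: list[str], later: list[str],
                                      known_suspicious: set[str]) -> Verdict:
    """Compare two guest file listings (earlier and later restore point).

    Assumptions (not stated in the documentation):
    * a file 'has a new extension' when that extension occurs nowhere in
      the earlier restore point;
    * `known_suspicious` is the SuspiciousFiles.xml extension list, already
      parsed, lower-cased and with a leading dot; those files are excluded
      here because a separate check already covers them;
    * both condition groups must hold: the 200-file floor AND one of the
      three volume/distribution tests;
    * folder share = files carrying the folder's most common new extension
      divided by all files in that folder in the later restore point.
    """
    earlier_exts = {extension_of(p) for p in earlier}
    earlier_folders = {dirname(p) for p in earlier}

    # Files whose extension is new to this system and not a known marker.
    changed = [p for p in later
               if extension_of(p) not in earlier_exts
               and extension_of(p) not in known_suspicious]
    unique_new = {extension_of(p) for p in changed}

    # Only folders present in both restore points with >= 1 changed file.
    later_folder_sizes = Counter(dirname(p) for p in later)
    new_exts_per_folder: dict[str, Counter] = {}
    for p in changed:
        folder = dirname(p)
        if folder in earlier_folders:
            new_exts_per_folder.setdefault(folder, Counter())[extension_of(p)] += 1

    suspicious_folders = {}
    for folder, exts in new_exts_per_folder.items():
        _, top_count = exts.most_common(1)[0]
        share = top_count / later_folder_sizes[folder]
        if share < LOW_SHARE or share >= HIGH_SHARE:
            suspicious_folders[folder] = round(share, 3)

    triggered = (len(changed) >= MIN_CHANGED_FILES
                 and (len(unique_new) > MAX_UNIQUE_NEW_EXTENSIONS
                      or bool(suspicious_folders)))
    return Verdict(triggered, len(changed), len(unique_new), suspicious_folders)


def sample_restore_points() -> tuple[list[str], list[str]]:
    """Constructed listings standing in for guest indexing data (not real data)."""
    docs = [f"/home/alice/docs/report_{i}.docx" for i in range(150)]
    sheets = [f"/home/alice/docs/budget_{i}.xlsx" for i in range(150)]
    photos = [f"/home/alice/photos/img_{i}.jpg" for i in range(100)]
    earlier = docs + sheets + photos
    # Later restore point: an extra extension appended to 280 of 300 documents.
    office = docs + sheets
    later = [p + ".zzq9" for p in office[:280]] + office[280:] + photos
    return earlier, later


def benign_variant(earlier: list[str]) -> list[str]:
    """Constructed benign change: five documents renamed to .bak by a user."""
    return [p.replace(".docx", ".bak") for p in earlier[:5]] + earlier[5:]


if __name__ == "__main__":
    earlier, later = sample_restore_points()
    print(detect_multiple_extension_changes(earlier, later, set()))
    print(detect_multiple_extension_changes(earlier, benign_variant(earlier), set()))
```

The first run reports 280 changed files and a folder where the new extension covers 93% of files, so the event fires; the benign variant changes only five files and stays below the 200-file floor. Passing `{".zzq9"}` as `known_suspicious` removes those files from this detector entirely, which is why the two checks are kept separate.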