Since starting to use Veeam Malware Detection with Inline Entropy Analysis, we have received many false positive detections related to Onion links. I understood that Veeam can't show me which files they are or where they are located, so I created a YARA rule to give me more details.
I analysed many different detections and all are related to official Windows components or third-party AV. All of them are false positives. To avoid new detections I have just one option: mark as clean and flag "Exclude the workload from malware detection".
With this action I also exclude this workload from any other detection, which is not the best scenario. If I could simply exclude this specific kind of detection from my environment, I believe that would be the best approach.
Case # 07691527
Statistics: Posted by lgtodes001 — May 12, 2025 3:29 pm