04-19-2016 08:59 AM
I just got alerted that I have malware in one of the dedup folders.
1.3.6.1.4.1.3401.12.2.1.1.5.2.283=K:\MSDPData\data\163\167500.bin\00004142.js
1.3.6.1.4.1.3401.12.2.1.1.5.2.203=
1.3.6.1.4.1.3401.12.2.1.1.5.2.223=
1.3.6.1.4.1.3401.12.2.1.1.5.2.213=
1.3.6.1.4.1.3401.12.2.1.1.5.2.233=
1.3.6.1.4.1.3401.12.2.1.1.5.2.253=0
1.3.6.1.4.1.3401.12.2.1.1.5.2.273=
1.3.6.1.4.1.3401.12.2.1.1.5.2.263=
1.3.6.1.4.1.3401.12.2.1.1.5.2.243=NT AUTHORITY\SYSTEM
1.3.6.1.4.1.3401.12.2.1.1.5.2.343=access denied
1.3.6.1.4.1.3401.12.2.1.1.5.2.293=Malware detected
1.3.6.1.4.1.3401.12.2.1.1.5.2.303=1292
1.3.6.1.4.1.3401.12.2.1.1.5.2.353=false
1.3.6.1.4.1.3401.12.2.1.1.5.2.323=VBS/Psyme
1.3.6.1.4.1.3401.12.2.1.1.5.2.313=Critical
1.3.6.1.4.1.3401.12.2.1.1.5.2.333=Trojan
Is there any way to figure out which client this data came from? Support told me no, but I am hoping someone else has also run into this.
Thanks
04-19-2016 08:22 PM
04-20-2016 07:24 AM
Marianne
Do you have any document that shows how to trace which backup job created the file? I doubt security will approve excluding dedupe folders.
Thanks
04-20-2016 07:56 AM
Files and folders in dedupe data folders are created by the NetBackup Dedupe engine, not clients.
I believe the malware message is false - you need to exclude MSDP data folders from Antivirus software.
Not sure why you have .bin folders - these are normally files. Probably something to do with your NBU version.
04-20-2016 01:27 PM
Ensure any antivirus software is excluding all NetBackup/MSDP volumes/directories and ignoring all NetBackup processes and network traffic. Failure to do this can result in AV deleting dedup .bin files and performance issues.
https://www.veritas.com/support/en_US/article.HOWTO61249