
malware detected in the dedup folder - need to know the source

sjvz
Level 3

I just got alerted that I have malware in one of the dedup folders.

 

1.3.6.1.4.1.3401.12.2.1.1.5.2.283=K:\MSDPData\data\163\167500.bin\00004142.js
1.3.6.1.4.1.3401.12.2.1.1.5.2.203=
1.3.6.1.4.1.3401.12.2.1.1.5.2.223=
1.3.6.1.4.1.3401.12.2.1.1.5.2.213=
1.3.6.1.4.1.3401.12.2.1.1.5.2.233=
1.3.6.1.4.1.3401.12.2.1.1.5.2.253=0
1.3.6.1.4.1.3401.12.2.1.1.5.2.273=
1.3.6.1.4.1.3401.12.2.1.1.5.2.263=
1.3.6.1.4.1.3401.12.2.1.1.5.2.243=NT AUTHORITY\SYSTEM
1.3.6.1.4.1.3401.12.2.1.1.5.2.343=access denied
1.3.6.1.4.1.3401.12.2.1.1.5.2.293=Malware detected
1.3.6.1.4.1.3401.12.2.1.1.5.2.303=1292
1.3.6.1.4.1.3401.12.2.1.1.5.2.353=false
1.3.6.1.4.1.3401.12.2.1.1.5.2.323=VBS/Psyme
1.3.6.1.4.1.3401.12.2.1.1.5.2.313=Critical
1.3.6.1.4.1.3401.12.2.1.1.5.2.333=Trojan

                               

 

Is there any way to figure out which client this data came from? Support told me no, but I am hoping someone else has also run into this.

 

Thanks

4 REPLIES

Marianne
Level 6
Partner    VIP    Accredited Certified
You need to exclude NBU dedupe folders from AV. See: http://www.veritas.com/docs/000006713

sjvz
Level 3

Marianne

Do you have any document that shows how to trace which backup job created the file? I doubt security will approve excluding dedupe folders.

Thanks

Marianne
Level 6
Partner    VIP    Accredited Certified

Files and folders in dedupe data folders are created by the NetBackup Dedupe engine, not clients.

I believe the malware message is false - you need to exclude MSDP data folders from Antivirus software.

Not sure why you have .bin folders - these are normally files. Probably something to do with your NBU version.

Will_Restore
Level 6

Ensure any antivirus software is excluding all NetBackup/MSDP volumes/directories and ignoring all NetBackup processes and network traffic. Failure to do this can result in AV deleting dedup .bin files and performance issues.

https://www.veritas.com/support/en_US/article.HOWTO61249