Azure Backup -- Anti-virus

dexin8101

Hi,

 

One of our employees is using Azure Backup on a laptop, and we receive antivirus alerts every time the backup process is run. Defining a scan exclusion for the "problematic" files and folders doesn't help, presumably because the VSS copy is being scanned. I don't think there's any way to exclude these temporary volume copies. Here is an example alert:

 

Trojan:W32/Generic.1de7271040!Online|Blocked|File|

\Device\HarddiskVolume93\Users\XXXXX\.vscode\extensions\ms-vscode.azure-account-0.3.0\node_modules\ms-rest\lib\serviceClient.js

 

Any idea how we can avoid this alert or suppress it?

 

Thanks!

fedool

Hi,

 

Did you report serviceClient.js as a false positive to https://www.f-secure.com/en/web/labs_global/submit-a-sample ?

That should fix the issue

dexin8101

Thanks for your reply. That would be a temporary solution, but there are a number of files causing these false alerts. Additionally, if more people implement this backup solution, this might become untenable. I thought this might be a known problem and that there might be a solution I'm simply not aware of. If need be, then we'll resort to submitting false positive reports.

fedool

If you have multiple files detected, I could report entire package with all files to be checked. Then we may add generic exclusion so next time it will not be detected as false positive.

Where do you download this package from?

etomcat

Hello,

 

Access to a binary file sample may not even be necessary. I think F-Secure malware detection names that include the string "!Online" are special, as they can be identified from some kind of a cloud repository and fixed for false alarms without sample submission.

 

Best regards: Tamas Feher.