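CONAP-245206: Newly observed file extensions still appear in workload behavior even when the extensions are marked with false-positive set to true
Problem description
- After an ARW attack, clear-suspect is run with the affected extensions marked as false positives: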
::> security anti-ransomware volume attack clear-suspect -vserver SVM1 -volume vol1 -false-positive true -extensions testlog, pdf, tmp
- However, even after this, the "Newly Observed File Extensions" section of the workload-behavior output still reports these extensions:
::> security anti-ransomware volume workload-behavior show -vserver SVM1 -volume vol1
    Vserver: SVM1
    Volume: vol1
    File Extensions Observed: CSV, xlsx, tmp, dll, pdf, pptx, JPG, cache, cs, VR, xd$, TP, vr, LS, xdw, tx, DLL, xlsm, editorconfig, in, ev, tp, zip, #dw, jpg, dwg, VD, sv, JBI
    Number of File Extensions Observed: 465

    Historical Statistics
        High Entropy Data Write Percentage: 98
        High Entropy Data Write Peak Rate (KB/Minute): 27192
        File Create Peak Rate (per Minute): 1567
        File Delete Peak Rate (per Minute): 1793
        File Rename Peak Rate (per Minute): 18

    Surge Observed
        Surge Timeline: -
        High Entropy Data Write Percentage: -
        High Entropy Data Write Peak Rate (KB/Minute): -
        File Create Peak Rate (per Minute): -
        File Delete Peak Rate (per Minute): -
        File Rename Peak Rate (per Minute): -
        Newly Observed File Extensions: testlog, pdf, tmp
        Number of Newly Observed File Extensions: 1, 5, 7
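
To check a volume for this symptom, the following added example (not NetApp code) parses saved `workload-behavior show` text and lists the extensions that were cleared as false positives but are still reported under "Surge Observed". The function names are hypothetical, the sample text is constructed from the output above, and the parser assumes one `Label: value` field per line.

```python
# Added example: find cleared false-positive extensions that
# `workload-behavior show` still lists as newly observed.
SAMPLE_OUTPUT = """\
Vserver: SVM1
Volume: vol1
Historical Statistics
  File Rename Peak Rate (per Minute): 18
Surge Observed
  Surge Timeline: -
  File Rename Peak Rate (per Minute): -
  Newly Observed File Extensions: testlog, pdf, tmp
  Number of Newly Observed File Extensions: 1, 5, 7
"""  # constructed and abbreviated; assumed layout is one field per line


def parse_sections(text):
    """Parse 'Label: value' lines into {section: {label: value}}."""
    sections = {"": {}}
    current = ""  # fields before the first section header go under ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, sep, value = line.partition(":")
        if not sep:
            # No colon: a header such as 'Surge Observed'. Tracking it keeps
            # labels that repeat in both sections from overwriting each other.
            current = line
            sections.setdefault(current, {})
            continue
        sections[current][label.strip()] = value.strip()
    return sections


def split_list(value):
    """Split a comma-separated CLI value; '-' means the field is empty."""
    if value in ("", "-"):
        return []
    return [item.strip() for item in value.split(",") if item.strip()]


def still_reported(output, cleared):
    """Return the cleared extensions still listed as newly observed."""
    surge = parse_sections(output).get("Surge Observed", {})
    newly = split_list(surge.get("Newly Observed File Extensions", "-"))
    # Exact-case match: the output lists e.g. 'dll' and 'DLL' separately.
    return [ext for ext in cleared if ext in newly]


if __name__ == "__main__":
    print(still_reported(SAMPLE_OUTPUT, ["testlog", "pdf", "tmp"]))
```

An empty result means none of the cleared extensions are still reported for that volume.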