跳转到主内容

ARP不再检测到以前从未检测到的文件扩展名

  1. 最后更新
  2. 另存为PDF
Views:
2
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:

适用场景

问题描述

  • 当 EMS 引发 ARP 事件时,自主勒索软件防护不再检测系统管理器中从未见过的低熵文件扩展名:

callhome.arw.activity.seen: Call-home message for vol1 (UUID: volume-uuid) Vserver-01 (UUID: Vserver-UUID)

  • 存储> > 安全> 反勒索软件下没有 ARP 菜单,它显示一些灰色空白条。ARP
  • 报告或security anti-ransomware volume workload-behavior show可以显示检测到的文件扩展名。
  • 系统管理器 REST API/api/storage/volumes失败:

Wed May 28 2025 10:45:59 +09:00 [kern_audit:info:8832]cluster: http :: cluster-mgmt:52791 :: cluster:admin :: GET /api/storage/volumes/vol1_uuid?fields=anti_ransomware%2Canti_ransomware.state%2Cuuid%2Cstate%2Cis_svm_root%2Ctype%2Cstyle%2Csnaplock%2Csvm%2Canti_ransomware.dry_run_start_time%2Canti_ransomware.attack_probability%2C%2C%2C%2Cflexcache_endpoint_type&return_timeout=120 HTTP/1.1 : ["X-Dot-Client-App: SMv4"] :: Error: 502 Proxy Error

  • MGWD 响应系统管理器 REST API 时,日志显示报告文件中包含无效值/api/storage/volumes

Wed May 28 2025 10:45:59 +09:00 [kern_mgwd:error:3086] Report file have invalid values: " " [ARW_LOG src/tables/antiransomware/arw_util.cc:748 in 'parse_report_file_line']

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.