跳转到主内容

自主防兰森(ARP):不将文件扩展名识别为误报

  1. 最后更新
  2. 另存为PDF
Views:
12
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2009年673840</a>
Last Updated:

适用场景

  • ONTAP 911及更高版本
  • 自主防兰森 (ARP)

问题描述

  • 已在卷上启用ARP
  • 即使在System Manager中和/或使用以下命令将可疑的勒索软件文件标记为误报、ARP文件仍会继续显示:
  • CLI:security anti-ransomware volume attack clear-suspect -vserver <svm> -volume <volume> -false-positive true
  • GUI:Abnormal volume activity detected on <date>     suspected ransomware files
  • 这似乎与新的\未知的扩展名相关、因为报告的每个文件扩展名都不同。

  • 在中 security anti-ransomware volume attack-detection-parameters show, never-seen-before 将设置为 true

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.