[SOLVED] EDR detect strange file : /tmp/{5ad992d9-5ea8-466c-9934-2b7783349bfd}/vblkid

General support questions
Post Reply
Adrien.D
Posts: 23
Joined: 2016/10/26 06:57:18

[SOLVED] EDR detect strange file : /tmp/{5ad992d9-5ea8-466c-9934-2b7783349bfd}/vblkid

Post by Adrien.D » 2023/02/03 07:33:27

Hello,

Each day at 19:00 (CET) my EDR detect a file in a temporary folder :

Code: Select all

successfully quarantined the threat vblkid on Wed, 01 Feb 2023, 18:03:09 UTC.
Threat path: /tmp/{5ad992d9-5ea8-466c-9934-2b7783349bfd}/vblkid
I don't know what is it ?

No crontab at this time.

I know the blkid command but not vblkid.

I don't have a partition with this UUID : 5ad992d9-5ea8-466c-9934-2b7783349bfd

Can you help me to knowwhat is this file ?

I had this alert after deploying a VM Template, but 2 days ago, i deployed this template for 2 VMS, only 1 have this message.

Thanks
Last edited by Adrien.D on 2023/02/06 10:00:14, edited 1 time in total.

BShT
Posts: 584
Joined: 2019/10/09 12:31:40

Re: EDR detect strange file : /tmp/{5ad992d9-5ea8-466c-9934-2b7783349bfd}/vblkid

Post by BShT » 2023/02/04 15:21:37

seems to be a veem file

Adrien.D
Posts: 23
Joined: 2016/10/26 06:57:18

Re: EDR detect strange file : /tmp/{5ad992d9-5ea8-466c-9934-2b7783349bfd}/vblkid

Post by Adrien.D » 2023/02/06 09:59:58

Hello,

Yes thanks !
Maybe it's possible because the EDR alert is when backup starts.

This weekend i don't activate the job on Sunday to verify if it's not a CRON and no alert

I will search why now on VEEAM Software or EDR configuration

Post Reply