Unusual File Activity Report


The Unusual File Activity report on the Security IQ dashboard displays information about anomalous file system activity on the protected file system server or the protected endpoint servers. You can view file path information for the anomalies and track anomaly trending information. This report helps you identify and act on potential threats, with quick and safe recovery options.

Unusual file activity occurs when a large number of files are created, deleted, modified, or renamed on a client computer, or when the number of created, modified, or deleted files in a backup job suddenly increases or decreases. These situations might indicate the presence of ransomware or other unauthorized changes to the file system data.

The anomaly thresholds are based on historical activity and machine-learning algorithms to reduce false positives from typical activity on the file systems. These activities are monitored by default. To receive alerts when abnormal activities are detected, in Alerts, configure the File Activity Anomaly Alert.
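The following Python example is added here to illustrate how a threshold derived from historical activity can flag both a sudden increase and a sudden decrease in per-job file counts. It is not the product's code or its algorithm, which this page does not describe. The median/MAD scoring, the function names, the window, the threshold, and the sample counts are all assumptions.

```python
from statistics import median

# The report's "File anomaly type" values, keyed by the per-job counter.
ANOMALY_TYPES = {"created": "Creation", "modified": "Modification",
                 "renamed": "Renaming", "deleted": "Deletion"}

# Constructed sample: (created, modified, renamed, deleted) per backup job.
SAMPLE_JOBS = [
    (120, 340, 2, 15), (131, 355, 1, 12), (118, 329, 3, 18),
    (125, 348, 2, 14), (122, 351, 0, 16), (129, 337, 2, 13),
    (124, 344, 1, 17), (127, 341, 2, 15),
    (133, 9120, 8875, 14),   # mass modification and renaming
    (3, 5, 0, 0),            # job that suddenly sees almost no changes
]

def robust_score(history, value, min_spread=5.0):
    """Deviation of value from the median of history, in units of scaled MAD.

    min_spread is an assumed floor so that a near-constant counter does not
    alert on a handful of files. Median and MAD are used (an assumption)
    because one earlier outlier job does not shift the baseline.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return (value - med) / max(1.4826 * mad, min_spread)

def detect(jobs, window=7, threshold=6.0):
    """Flag counters that jump or drop sharply against the previous `window` jobs.

    Returns (job_index, anomaly_type, count, score) tuples; a negative score
    is a sudden decrease, a positive score a sudden increase.
    """
    findings = []
    for i in range(window, len(jobs)):
        for col, key in enumerate(ANOMALY_TYPES):
            history = [job[col] for job in jobs[i - window:i]]
            score = robust_score(history, jobs[i][col])
            if abs(score) > threshold:
                findings.append((i, ANOMALY_TYPES[key], jobs[i][col], round(score, 1)))
    return findings

if __name__ == "__main__":
    for job, kind, count, score in detect(SAMPLE_JOBS):
        direction = "increase" if score > 0 else "decrease"
        print(f"job {job}: {kind} anomaly, {count} files ({direction}, score {score})")
```

Because the baseline is a median, the outlier in job 8 does not mask the drop in job 9, which is still scored against the normal jobs around it.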

The following table describes each column in the Unusual File Activity report:

| Column | Description |
| --- | --- |
| Name | The client computer. When you click the client computer, the following detailed reports are available: You can use the reports to analyze the statistics. |
| File anomaly type | The type of anomalous activity, such as the following: Creation, Modification, Renaming, Deletion. |
| Created files | The number of files that were created at the detected time. |
| Renamed files | The number of files that were renamed at the detected time. |
| Deleted files | The number of files that were deleted at the detected time. |
| Modified files | The number of files that were modified at the detected time. |
| Detected time | The time when the anomaly was detected. |
| Actions | Click the action button, and then select one of the following options: To recover a server from the server list on the panel as a VM, click Recover as VM. To remove a server or multiple servers from the server list on the panel, click Clear anomaly. |