The Unusual File Activity report for Security IQ dashboard displays information about anomalous file systems activity of the protected file system server, or the protected endpoint servers. You can view file path information for the anomalies and track anomaly trending information. This report helps in identifying and acting on potential threats with quick and safe recovery options.
Unusual file activity occurs when a large number of files are created, deleted, modified, or renamed on a client computer, or when the number of created, modified, or deleted files in a backup job suddenly increases or decreases. These situations might indicate the presence of ransomware or other unauthorized changes to the file system data.
The Unusual file activity panel also displays anomalies in the file types of backed up files on Windows clients computers. The anomaly is displayed when there is a mismatch in the file type of the file and the file extension.
The anomaly thresholds are based on historical activity and machine-learning algorithms to reduce false positives from typical activity on the file systems. These activities are monitored by default. To receive alerts when abnormal activities are detected, in Alerts, configure the File Activity Anomaly Alert.
Note: The file anomalies that are older than 30 days are pruned automatically.
The following tables include descriptions for all the columns in each tab in the Unusual file activity panel.
All Tab
Column | Description |
---|---|
Name | The client computer. When you click the client computer, the following detailed reports are available:
You can use the reports to analyze the statistics. |
File anomaly type | The type of anomalous activity, such as the following:
|
Detected time | The time when the anomaly was detected. |
File Count | Number of files detected with the anomaly. |
Actions | Click the action button
|
File Activity Tab
Column | Description |
---|---|
Name | The client computer. When you click the client computer, the following detailed reports are available:
You can use the reports to analyze the statistics. |
File anomaly type | The type of anomalous file activity, such as the following:
|
Created files | The number of files that were created at the detected time. |
Renamed files | The number of files that were renamed at the detected time. |
Deleted files | The number of files that were deleted at the detected time. |
Modified files | The number of files that were modified at the detected time. |
Detected time | The time when the anomaly was detected. |
Actions | Click the action button
|
File Type Tab
Column | Description |
---|---|
Name | The client computer. When you click the client computer, the following detailed report is available:
You can use the report to analyze the statistics. |
File anomaly type | File type |
Detected time | The time when the anomaly was detected. |
File Count | Number of files detected with the anomaly. |
Actions | Click the action button
|