Unusual File Activity Report

The Unusual File Activity report for Security IQ dashboard displays information about anomalous file systems activity of the protected file system server, or the protected endpoint servers. You can view file path information for the anomalies and track anomaly trending information. This report helps in identifying and acting on potential threats with quick and safe recovery options.

Unusual file activity occurs when a large number of files are created, deleted, modified, or renamed on a client computer, or when the number of created, modified, or deleted files in a backup job suddenly increases or decreases. These situations might indicate the presence of ransomware or other unauthorized changes to the file system data.

The Unusual file activity panel also displays anomalies in the file types of backed up files on Windows clients computers. The anomaly is displayed when there is a mismatch in the file type of the file and the file extension.

The anomaly thresholds are based on historical activity and machine-learning algorithms to reduce false positives from typical activity on the file systems. These activities are monitored by default. To receive alerts when abnormal activities are detected, in Alerts, configure the File Activity Anomaly Alert.

Note: The file anomalies that are older than 30 days are pruned automatically.

The following tables include descriptions for all the columns in each tab in the Unusual file activity panel.

All Tab

Column	Description
Name	The client computer. When you click the client computer, the following detailed reports are available: Unusual File Activity Report for File-Related Anomalies Unusual File Activity Report for Backup Job Anomalies You can use the reports to analyze the statistics.
File anomaly type	The type of anomalous activity, such as the following: File activity File type
Detected time	The time when the anomaly was detected.
File Count	Number of files detected with the anomaly.
Actions	Click the action button , and then select one of the following options: To recover a client from the client list on the panel, as a VM, click Recover as VM. To remove a client or multiple clients from the client list on the panel, click Clear anomaly.

File Activity Tab

Column	Description
Name	The client computer. When you click the client computer, the following detailed reports are available: Unusual File Activity Report for File-Related Anomalies Unusual File Activity Report for Backup Job Anomalies You can use the reports to analyze the statistics.
File anomaly type	The type of anomalous file activity, such as the following: Creation Modification Renaming Deletion
Created files	The number of files that were created at the detected time.
Renamed files	The number of files that were renamed at the detected time.
Deleted files	The number of files that were deleted at the detected time.
Modified files	The number of files that were modified at the detected time.
Detected time	The time when the anomaly was detected.
Actions	Click the action button , and then select one of the following options: To recover a client from the client list on the panel, as a VM, click Recover as VM. To remove a client or multiple clients from the client list on the panel, click Clear anomaly.

File Type Tab

Column	Description
Name	The client computer. When you click the client computer, the following detailed report is available: Unusual File Activity Report for File-Related Anomalies You can use the report to analyze the statistics.
File anomaly type	File type
Detected time	The time when the anomaly was detected.
File Count	Number of files detected with the anomaly.
Actions	Click the action button , and then select one of the following options: To recover a client from the client list on the panel, as a VM, click Recover as VM. To remove a client or multiple clients from the client list on the panel, click Clear anomaly.

Unusual File Activity Report

On this page

All Tab

File Activity Tab

File Type Tab

Creating your PDF