Redstor's malware detection service identifies and quarantines potentially malicious files in your machine and cloud backups. You can then check and action these files from the RedApp.
- With respect to cloud services, Redstor currently scans only Microsoft 365 (SharePoint, Exchange, OneDrive, Teams) and Google Workspace (Gmail, Drive and Classroom) backups for malware.
- Redstor's service cannot scan data stored in the customer's own cloud or servers. Only files in Redstor backups can be scanned, and only once a backup has been completed.
- The malware detection service is only available for ESE agents (not SE or DL).
What is malware?
Malware (short for malicious software) typically consists of code developed by cyber attackers, designed to cause extensive damage to data and systems or to gain unauthorised access to a network. Malware encompasses any code or other content that could have a harmful or undesirable impact on an organisation's systems or services.
How does malware enter a system?
- Users opening malicious email attachments or embedded links
- Users browsing (or being directed to) websites that contain malicious content
- Users importing malicious data from social media or other web-based services
- Users introducing removable media or untrusted devices like smartphones
How does Redstor's malware detection service work?
Once the malware detection service has been enabled, Redstor's system will automatically scan your backup data each time a backup completes, looking for indicators that malware is present in any of the files that have been added or changed since the last backup.
- In the case of a new malware detection customer, once the feature has been enabled on their Collection or Group, the files from all their historical backups will also be scanned for malware, as well as all new data that is ingested after the feature is added.
If malicious files are found, they are automatically quarantined. The user is notified of this and asked to take action on the files, which can only be done from the RedApp (not via ESE). A quarantined file can be:
- Marked as safe, which removes the file from quarantine.
- Reverted to a previous version (if one exists) that does not contain malware.
Any of these actions can be taken on a single file, or in bulk by selecting multiple files. See Article 1315 for more detail.
Which file types does the service scan?
Currently, the malware detection service scans the following file types:
- DOC, DOCM, DOCX
- PPT, PPTM, PPTX
- XLS, XLSB, XLSM, XLSX
At what point does the data get scanned? How long does this take?
Data is scanned each time a new backup is run. The scan takes place once the data has reached our StorageServers. From here, the data is transferred under SSL encryption into the malware engine, which runs inference and feature extraction on the files to detect malware.
Our processing times for malware detection on machines are currently:
- First backup scan: 14h 54m 25s
- Subsequent scan: 20m 27s
How good is Redstor's service at spotting malware?
Our overall detection accuracy is 99.35%, with accuracy as high as 99.9% for some file types.
Can I still recover infected files?
To protect our customers, we do not allow recovery of files that have been found to contain malware. To action quarantined files from the RedApp, see Article 1315.
If I already have anti-virus software in place, do I need malware detection?
It is important to note that anti-virus protects your data, not your backups. If your machine is infected with malware, your anti-virus will detect it. However, when you want to restore the data from that machine, you want to be sure that it is not also infected.
Anti-virus is therefore not the same as anti-malware. Anti-virus deals with more established threats, such as Trojans, viruses, and worms. Anti-malware typically focuses on newer threats, such as polymorphic malware or malware delivered by zero-day exploits. Anti-virus protects against lingering, more predictable threats, whereas anti-malware protects against the latest, in-the-wild, potentially more dangerous threats.
In addition, anti-malware typically updates its rules faster than anti-virus, meaning that it’s the best protection against new malware that you might encounter while surfing the internet. Our machine learning model is constantly evolving based on user behaviour, and gets updated with new virus definitions weekly - unlike most anti-virus software, which evolves more slowly and requires manual software upgrades to stay relevant.