Unusual File Activity Report for File-Related Anomalies

The Unusual file activity report for file-related anomalies is a preview of file-related activities gathered from all Windows clients that have 11.23 or a more recent feature release. You can use this report to track large file anomalies for all Windows clients in the Commvault environment. For example, file activity such as deleting a large number of files or creating a large number of files might be flagged as anomalous.

Note

For a given point in time, the system only saves tracking activity on a maximum of 50 folder paths. However, if there is activity on more than 50 paths, their history can be found in the client's cviomonitor.log file.

The anomaly thresholds are based on historical activity and machine-learning algorithms to help reduce false positives from typical activity on the file system.

File activities on the Windows client computer are checked every 5 minutes and any abnormal activity is reported to the administrator by an alert and event. For the first 7 days, the client computer is monitored and analyzed for daily activity. After 7 days, a baseline of file activities is established and alerts and events are sent to the administrator when a large number of abnormal file activities is detected.

Up to 30 days of file activities are maintained in a database on the client computer for use by the monitoring algorithm.

The following options are available in the upper-right corner of the page:

  • To remove a client that has unusual file activity from the client list in the report, click Delete anomaly.

  • To recover a client that has unusual file activity, as a VM, click Recover files.

    The data prior to the file-related anomaly is recovered.

Report Description

The Unusual file activity report for file-related anomalies is divided into the following sections: Unusual file activity chart and Unusual file activity data.

Unusual File Activity Chart

This chart displays information about the number of files that are affected by the user activity in the Commvault environment over a period of a day or a week.

The following image is an example of the unusual file activity for file-related anomalies chart section:

embd_report description Unusual File Activity Report for File-Related Anomalies (1)

Unusual File Activity Table

The following table includes descriptions for all the columns in the Unusual file activity table for file-related anomalies.

Column

Description

Path

The path to the folder that contains the files that are affected by anomalous activity.

Created files

The number of files that were created in the given path at the detected time.

Renamed files

The number of files that were renamed in the given path at the detected time.

Deleted files

The number of files that were deleted in the given path at the detected time.

Modified files

The number of files that were modified in the given path at the detected time.

Detected time

The time when the anomaly was detected.

Actions

To restore a path that has unusual file activity from the folder path list, click the action button action_button, and then click Restore.

Alternatively, to restore multiple paths that have unusual file activity from the folder path list, select multiple paths, and then in the upper-right corner of the section, click Restore.

Note

The data before the file-related anomaly is restored.

Performing File System Restores

Loading...