Skip to main content
commvault.com commvault.com
Question

Alert: Threat Indicator

  • May 30, 2025
  • 3 replies
  • 179 views
A
Byte
Forum|alt.badge.img+9

All,

I have the Threat Indicator alert enabled on my Commserve.

I have a VSA backup that runs nightly and every evening it picks the same folder and flags it in Monitoring → Threat indicators in the Command Centre and it emails this alert to all.

 

The particular folder it mentions every night runs some DBA scripts that are scheduled.

 

Is there anyway to remove this files ie E;\DBA_Scrits or this VM from the Threat Indicator alert ?

There is nowhere to edit on the Alert in the CommServe, I found the workflow below and ran it but still got an alert the following morning.

 

    3 replies

    A
    Byte
    Forum|alt.badge.img+9
    • atitagain
    • Author
    • Byte
    • June 4, 2025

    anybody?

    Rajiv
    Vaulter
    Forum|alt.badge.img+12
    • RajivVaulter
    • Vaulter
    • June 6, 2025

    Hi ​@atitagain 

    To remove the files in the E:\DBA_Scripts directory from being flagged in the Threat Indicator alert, you can add an additional setting to exclude the specific path or file types.

    Here are the steps you can follow:

    1. Log into the Command Center.
    2. Navigate to Manage > System > Settings.
    3. Add the additional setting sAnomalyFilters to exclude the path or file types that are causing the false positives.

    For more information on excluding specific paths or file types, you can refer to the Additional Setting: sAnomalyFilters

    Best,

    Rajiv Singal

    Onno van den Berg
    Commvault Certified Expert
    Forum|alt.badge.img+20

    Hi ​@atitagain 

    To remove the files in the E:\DBA_Scripts directory from being flagged in the Threat Indicator alert, you can add an additional setting to exclude the specific path or file types.

    Here are the steps you can follow:

    1. Log into the Command Center.
    2. Navigate to Manage > System > Settings.
    3. Add the additional setting sAnomalyFilters to exclude the path or file types that are causing the false positives.

    For more information on excluding specific paths or file types, you can refer to the Additional Setting: sAnomalyFilters

    Best,

    Rajiv Singal

    Are you sure this key works for Threat Indicator alerts who are triggered as a result of VSA level file indexing? The key is applied on category FileSystemAgent. 

    Terms & ConditionsCookie settingsAccessibility statement