Skip to main content

security anti-ransomware volume attack clear-suspect

Contributors
Suggest changes

Clear suspect record

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The anti-ransomware volume attack clear-suspect command removes the specified files from suspect files report. When no optional parameters are provided, the suspect report file is cleared. If the attack is marked as a true positive, by setting the false-positive parameter to false , the snapshot is retained for 7 days. If marked as a false positive, by setting the false-positive parameter to true , the snapshot is retained for 24 hours.

Parameters

-vserver <vserver name> - Vserver Name

This parameter specifies the Vserver on which the volume is located.

-volume <volume name> - Volume Name

This parameter specifies the name of the volume on which anti-ransomware feature is enabled.

{ [-sequence-number <integer>] - Sequence Number

This optionally specifies the sequence number of the suspect file obtained from generated report.

| [-extensions <text>,…​] - File Extensions

This optionally specifies the extensions of ransomware attacked files that needs to be cleared from attack report.

| [-start-time <MM/DD/YYYY HH:MM:SS>] - Start Time

This optionally specifies the lower bound of the time to clear a suspect record. Any suspect record with time greater than or equal to start-time is cleared.

[-end-time <MM/DD/YYYY HH:MM:SS>] - End Time }

This optionally specifies upper bound of the time to clear a suspect record. Any suspect record with time less than or equal to end-time is cleared.

-false-positive {true|false} - False Positive?

This indicates whether the suspect record of specific extensions, time range, and so on, are to be considered a false positive.

Examples

The following example shows a sample output for clearing all the suspects observed with timestamp in the start-time and end-time range, and with given extension.

clus1::> security anti-ransomware volume attack clear-suspect -volume testvol -start-time "4/14/2021 04:16:48" -end-time "4/14/2021 06:16:50"
5 suspect records cleared.

The following examples shows output when given sequence-number is not present.
clus1::*> security anti-ransomware volume attack clear-suspect -volume testvol -sequence-number 1000

Error: command failed: No suspect records found.