Issue After ARW attack, clear-suspect is performed by marking the affected extensions as false positives: ::> security anti-ransomware volume attack clear-suspect -vserver SVM1 -volume vol1 -false-pos...Issue After ARW attack, clear-suspect is performed by marking the affected extensions as false positives: ::> security anti-ransomware volume attack clear-suspect -vserver SVM1 -volume vol1 -false-positive true -extensions testlog, pdf, tmp However, even after that, the extensions are reported in the "Newly Observed File Extensions" section of the workload behaviour output: ::> security anti-ransomware volume workload-behavior show -vserver SVM1 -volume vol1 Vserver: SVM1 Volume: vol1 File Exte…