System Manager Dashboard shows x volume has abnormal activity but the volume Security tab does not show the View Suspected File Types button
Applies to
- ONTAP release with fix version of CONTAP-105971
- Autonomous Ransomware Protection (ARP) or Anti-Ransomware (ARW)
Issue
- System Manager Events section raised an alert with x Volume has abnormal activity.
- There is no [View Suspected File Types] button under Storage > Volumes > Security > Anti-Ransomware
- ARW attack detection is based on new file extensions only.
::> security anti-ransomware volume attack-detection-parameters show -vserver svm1 -volume vol1
Vserver Name : svm1
Volume Name : vol1
Is Detection Based on High Entropy Data Rate? : true
Is Detection Based on Never Seen before File Extension? : true
Never Seen before File Extensions Count Notify Threshold : 20
Never Seen before File Extensions Duration in Hour : 24
- An ARW attack is reported on the volume with low attack probability.
::> security anti-ransomware volume show -vserver svm1 -volume vol1
Vserver Name: svm1
Volume Name: vol1
State: enabled
Dry Run Start Time: -
Attack Probability: low
Attack Timeline: 4/5/2025 12:06:48
Number of Attacks: 1
- No surge observed and no entries are found in Newly Observed File Extensions in the workload behavior output:
::> security anti-ransomware volume workload-behavior show -vserver svm1 -volume vol1
Vserver: svm1
Volume: vol1
File Extensions Observed: log,...
Number of File Extensions Observed: 433
Historical Statistics
High Entropy Data Write Percentage: 57
High Entropy Data Write Peak Rate (KB/Minute): 298340
File Create Peak Rate (per Minute): 9
File Delete Peak Rate (per Minute): 5
File Rename Peak Rate (per Minute): 3
Surge Observed
Surge Timeline: -
High Entropy Data Write Percentage: -
High Entropy Data Write Peak Rate (KB/Minute): -
File Create Peak Rate (per Minute): -
File Delete Peak Rate (per Minute): -
File Rename Peak Rate (per Minute): -
Newly Observed File Extensions: -
Number of Newly Observed File Extensions: -
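
The symptom combination above (an attack reported with low probability, but no surge and no newly observed extensions) can be checked from saved CLI output. This is an added example, not NetApp code: the function names are hypothetical, the sample text is abridged from the outputs in this article, and it assumes the output was captured as text with one field per line.

```python
# Added example: parse_show / matches_article_symptom are hypothetical names.
# Sample text is abridged from the CLI outputs shown in this article.
VOLUME_SHOW = """\
Vserver Name: svm1
Volume Name: vol1
State: enabled
Attack Probability: low
Attack Timeline: 4/5/2025 12:06:48
Number of Attacks: 1
"""
WORKLOAD_SHOW = """\
Vserver: svm1
Volume: vol1
Historical Statistics
High Entropy Data Write Percentage: 57
File Create Peak Rate (per Minute): 9
Surge Observed
Surge Timeline: -
High Entropy Data Write Percentage: -
Newly Observed File Extensions: -
Number of Newly Observed File Extensions: -
"""

def parse_show(text):
    """Return {section: {key: value}}; fields before any heading go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::>"):  # skip blanks and the echoed command
            continue
        key, sep, value = line.partition(":")   # split on first colon only
        if not sep:  # heading such as 'Surge Observed'; the same keys repeat under it
            current = line
            sections.setdefault(current, {})
        else:
            sections[current][key.strip()] = value.strip()
    return sections

def matches_article_symptom(volume_show, workload_show):
    """True when an attack is reported but workload-behavior shows no evidence."""
    vol = parse_show(volume_show)[""]
    surge = parse_show(workload_show).get("Surge Observed", {})
    attacks = vol.get("Number of Attacks", "0")
    reported = (vol.get("State") == "enabled"
                and vol.get("Attack Probability") == "low"
                and attacks.isdigit() and int(attacks) >= 1)
    no_evidence = (surge.get("Surge Timeline", "-") == "-"
                   and surge.get("Newly Observed File Extensions", "-") == "-")
    return reported and no_evidence
```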