Windows Seeing PBS Chunk File as Trojan

[colin1234]

I have PBS running on my Synology NAS and I have the backup share mounted to a Windows VM for cloud backups with Backblaze. I logged in today to check on status and it seems that Windows is seeing one of the PBS Chunk files as an "AgentTesla" Trojan. It reports it about once an hour. Windows doesn't have write permission to that drive so it's not actually removing it. How is this possible? The chunk files are just pieces of a VM aren't they? Even if one of the VMs did have a Trojan, Windows isn't able to discern that from a single ~2MB chunk file right?

 

[sw-omit]

1. Just exclude your Z-drive from Windows Defender, no need to cause CPU-overhead for something that is probably wrong and it can't fix anyway
2. Most AV-packages look for certain signatures to find if a virus/malware/trojan is there (not for a whole program/hash). It might just be that this chuck had a reported signature/set-of-ones-and-zeros inside it by chance, causing it to be triggered

 

[_gabriel]

perhaps Defender doesn't like name "badc" in folder / file.

 

[sw-omit]

99.9% of the time, anti-viruses don't care about the name of a file, maybe just the extension (eg scanning executable files more often then .txt files)
If you were to look at the EICAR test-file [1] for example, a file for testing AntiViruses without needing a virus, the name doesn't matter, just the (start of) the file's contents.

[1] https://www.eicar.org/download-anti-malware-testfile/