Active Insights Possible Ransomware

Currently reading
Active Insights Possible Ransomware

Operating system
  1. macOS
Received a notice from Active Insights about possible ransomware on my NAS. Looks like it came from my Mac Studio's Time Machine backup. The files (about 5 of them) are labeled "smbdelete" with additional alphanumeric characters after.

This alerted me about an hour after my Syno upgraded to the latest DSM.

Google seems to suggest these files are harmless and only temporary on Macs. I'm wondering if this is due to the SMB share being unmounted unexpectedly during the DSM update.

I have seen these SMB delete file remnants before: they a 'dotted' hidden files. They are where I have backups happening and I thought it may be between Mac and SMB mounted locations when I was using Carbon Copy Cloner (my go-to for general one-way sync). So I think it's a leftover from some activity that might have overlapped another (?) resulting in this not being cleaned up.

To view hidden files in Mac's Finder you can toggle on/off using key-combo 'shift cmd .'.

Got to say I decided to uninstall Active Insight on all my NAS. Instead I run CMS, which is private, and that sends notifications centrally.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads