Microsoft Defender For Cloud Log4j Vulnerability Scanning Capability

Gayatri Jagadev Ray 101 Reputation points
2022-10-31T14:21:36.12+00:00

Problem: I wanted to test the Log4j vulnerability scanning capability of Microsoft Defender for Cloud. I have enabled Microsoft Defender for Cloud with the integrated Qualys scanner for vulnerability assessment in my test Azure subscription.
However, after waiting for more than 48 hours, Microsoft Defender for Cloud still does not show the Log4j vulnerability.

Troubleshooting:

  1. In order to replicate the issue, I installed MS SQL Server on my test machine, which contains Log4j at the following location: C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar.
  2. Verified that the WindowsAgent.AzureSecurityCenter extension status is Provisioned. See below (customer ID removed while pasting here):
    [
      {
        "code": "ComponentStatus/Log file/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:53:21Z LogFileFolder: C:\WindowsAzure\Logs\Plugins\Qualys.WindowsAgent.AzureSecurityCenter\1.0.0.18"
      },
      {
        "code": "ComponentStatus/Configuration data/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:53:22Z CustomerId: ActivationID: WebServiceUri: https://qagpublic.qg2.apps.qualys.eu/CloudAgent/"
      },
      {
        "code": "ComponentStatus/Qualys Agent Start/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:53:24Z Agent starting."
      },
      {
        "code": "ComponentStatus/Registering/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:53:24Z Agent is trying to register with the Qualys platform."
      },
      {
        "code": "ComponentStatus/Registering/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:53:55Z Agent registered with the Qualys platform successfully."
      },
      {
        "code": "ComponentStatus/Azure settings/succeeded",
        "level": "Info",
        "displayStatus": "Provisioning succeeded",
        "message": "2022-10-29T14:54:25Z Azure settings sent to the Qualys platform successfully."
      }
    ]
  3. After waiting for 48 hrs, I downloaded the Qualys Log4j scanner from GitHub (https://github.com/Qualys/log4jscanwin) and ran it locally on my test server. To my surprise, the scanner gave the correct output I was expecting. See results below:

Qualys Log4j Vulnerability Scanner 2.1.3.0
https://www.qualys.com/
Dependencies: minizip/1.1 zlib/1.2.11, bzip2/1.0.8, rapidjson/1.1.0
Supported CVE(s): CVE-2021-4104, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105

Known TAR Extensions : .tar
Known GZIP TAR Extensions : .tgz, .tar.gz
Known BZIP TAR Extensions : .tbz, .tbz2, .tar.bz, .tar.bz2
Known ZIP Extensions : .zip, .jar, .war, .ear, .par, .kar, .sar, .rar, .jpi, .hpi, .apk

Scanning Local Drives...
Log4j Found: 'C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\hive-exec-2.1.0.jar'
( Manifest Vendor: org.apache.hive, Manifest Version: 2.1.0, JNDI Class: NOT Found, Log4j Vendor: Unknown, Log4j Version: Unknown, CVE Status: Unknown )
Log4j Found: 'C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar'
( Manifest Vendor: Apache Software Foundation, Manifest Version: 1.2.17, JNDI Class: NOT Found, Log4j Vendor: log4j, Log4j Version: 1.2.17, CVE Status: Potentially Vulnerable ( CVE-2021-4104: Found ) )

Thus, I am wondering if there is a problem with the Microsoft Defender Qualys scanner, as it does not seem to be performing a proper scan.

One of my clients is also experiencing similar issues.
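As an added example (not Qualys's or Microsoft's code), here is a small Python inspector that reports the same per-JAR fields the log4jscanwin output above shows (manifest vendor and version, JNDI lookup class presence, coarse CVE status), so a host can be sanity-checked independently of the Defender integration. Class paths and manifest keys are the standard ones; the CVE mapping and the make_jar helper (which builds constructed in-memory JARs for testing) are my assumptions.

```python
import io, zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J1_CLASS = "org/apache/log4j/Logger.class"
LOG4J2_CLASS = "org/apache/logging/log4j/core/Logger.class"

def read_manifest(zf):
    """Main-section attributes of META-INF/MANIFEST.MF (empty dict if absent)."""
    attrs = {}
    if "META-INF/MANIFEST.MF" not in zf.namelist():
        return attrs
    for line in zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
        if not line.strip():
            break  # the main section ends at the first blank line
        key, sep, value = line.partition(":")
        if sep and not line.startswith(" "):  # skip continuation lines
            attrs[key.strip()] = value.strip()
    return attrs

def version_tuple(v):  # '2.14.1' -> (2, 14, 1); non-numeric parts count as 0
    return tuple(int("".join(c for c in p if c.isdigit()) or 0) for p in v.split("."))

def inspect_jar(data):
    """Classify one JAR (bytes) into the fields the scanner prints per file."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names, attrs = set(zf.namelist()), read_manifest(zf)
    vendor = attrs.get("Implementation-Vendor", "Unknown")
    version = attrs.get("Implementation-Version", "Unknown")
    # Only a manifest naming log4j itself yields a Log4j version; a shaded copy
    # under another project's manifest (like hive-exec above) stays Unknown.
    is_log4j = "log4j" in attrs.get("Implementation-Title", "").lower()
    jndi = JNDI_CLASS in names
    log4j_version, status = "Unknown", "Unknown"
    if is_log4j and LOG4J1_CLASS in names:
        log4j_version, status = version, "Potentially Vulnerable (CVE-2021-4104)"
    elif is_log4j and LOG4J2_CLASS in names:
        log4j_version = version
        if jndi and version_tuple(version) < (2, 15, 0):  # coarse mapping (assumption)
            status = "Potentially Vulnerable (CVE-2021-44228)"
        elif not jndi:
            status = "Mitigated (JndiLookup.class removed)"
    return {"vendor": vendor, "version": version, "jndi_class": jndi,
            "log4j_version": log4j_version, "cve_status": status}

def make_jar(manifest_lines, entries):  # constructed in-memory JAR for testing
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\n".join(manifest_lines) + "\n\n")
        for name in entries:
            zf.writestr(name, b"")
    return buf.getvalue()
```

Point inspect_jar at the bytes of each .jar under the SQL Server Jars folder to reproduce the two report lines above locally.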
