Microsoft Defender AV protection on Azure files - doesn't appear to be detecting test file

asked 2022-12-29T12:33:04.42+00:00
Steve 1 Reputation point

We are migrating our server estate to Azure at the moment and intend to migrate from our current on-prem Windows file servers to Azure Files.

I have created and configured a storage account and share and test copied some data up. All good.

Next I'm wanting to confirm that security meets requirements. We have Microsoft Defender for Cloud enabled on the storage, but when I drop an eicar.com test file into a folder on the share it is not getting picked up. I tested the same file on a Defender-protected server and it was detected instantly.

I have read in a couple of places that Defender for Storage can take a couple of hours to detect a threat, which is not ideal if a malicious file has been placed on and potentially run from the share.

I've seen a few third-party products suggested, along with Logic Apps that run scans at each update, though this was more for blob storage than Azure Files.

Has anyone implemented Azure Files, and how have you implemented antivirus to protect it? Am I missing something in my Defender configuration, or can anything be done to speed up detection?


3 answers

  1. answered 2022-12-29T12:47:15.88+00:00
    Neetesh Kumar Singh 1 Reputation point

    Hello @Steve

    Microsoft Defender for Azure is a security solution that provides antivirus protection for Azure file shares. If you are experiencing an issue with Microsoft Defender for Azure not detecting a test file, there could be several reasons for this. Here are a few things you can try to troubleshoot the issue:

    Verify that Microsoft Defender for Azure is enabled for the file share: Microsoft Defender for Azure is disabled by default for new file shares. To enable it, you need to set the "Antivirus" property of the file share to "Enabled".

    Check the status of the Microsoft Defender for Azure service: Make sure that the Microsoft Defender for Azure service is running and configured properly.

    Check the Microsoft Defender for Azure logs: The Microsoft Defender for Azure logs can provide more information about why the test file is not being detected. To access the logs, you can use the Azure portal or the Azure Storage PowerShell cmdlets.

    Verify that the test file is known malware: If the test file is known malware, it should be detected by Microsoft Defender for Azure. If the file is not known malware, it may not be detected.

    Check for any exclusions: If you have added any exclusions in Microsoft Defender for Azure, make sure that the test file is not being excluded.

    I hope this information helps. If you are still experiencing issues with Microsoft Defender for Azure not detecting a test file, please provide more details about the specific steps you have taken and the exact error message you are seeing. This will help me provide a more accurate troubleshooting solution.

  2. answered 2022-12-29T13:30:27.043+00:00
    Neetesh Kumar Singh 1 Reputation point

    Hello @Steve

    Microsoft Defender for Azure is a security solution that provides antivirus protection for Azure file shares. If you are experiencing an issue with Microsoft Defender for Azure not detecting a test file, there could be several reasons for this. Here are a few things you can try to troubleshoot the issue:

    Verify that Microsoft Defender for Azure is enabled for the file share: Microsoft Defender for Azure is disabled by default for new file shares. To enable it, you need to set the "Antivirus" property of the file share to "Enabled".

    Check the status of the Microsoft Defender for Azure service: Make sure that the Microsoft Defender for Azure service is running and configured properly.

    Check the Microsoft Defender for Azure logs: The Microsoft Defender for Azure logs can provide more information about why the test file is not being detected. To access the logs, you can use the Azure portal or the Azure Storage PowerShell cmdlets.

    Verify that the test file is known malware: If the test file is known malware, it should be detected by Microsoft Defender for Azure. If the file is not known malware, it may not be detected.

    Check for any exclusions: If you have added any exclusions in Microsoft Defender for Azure, make sure that the test file is not being excluded.

    I hope this information helps. If you are still experiencing issues with Microsoft Defender for Azure not detecting a test file, please provide more details about the specific steps you have taken and the exact error message you are seeing. This will help me provide a more accurate troubleshooting solution.

  3. answered 2022-12-29T15:33:22.55+00:00
    Steve 1 Reputation point

    Thanks for your response.

    Microsoft Defender for Azure is enabled on the storage. I don't see that there is anywhere else I need to enable it once it is enabled for the storage account. Selecting Defender for Cloud from the storage account menu shows that Defender for Storage is enabled with no alerts or recommendations.

    Where would I see Microsoft Defender for Storage logs?

    As this is a storage account, where would I be configuring it?

    The test file is a good EICAR test file, tested by copying it to a Windows Defender protected server, which detected it straight away.
