How To Get Round The Microsoft Defender 2 GB File Limit For Zip Files

Marc Hedgley 140 Reputation points
2023-12-05T13:16:25.9966667+00:00

We are currently working on a project that involves allowing external clients to upload large zip files to Azure Blob Storage. To enhance security measures, we have implemented Microsoft Defender for Storage to conduct an anti-malware scan upon the receipt of data.

During our implementation, we encountered a limitation with Azure Defender for Storage, specifically a maximum file size limitation of 2 GB per single file. The zip files we anticipate receiving are expected to exceed this size, resulting in the error state: SAM259206: "Scan aborted - the requested blob exceeded the maximum allowed size of 2 GB."

In light of this limitation, we are seeking guidance on potential solutions or workarounds. One consideration we have is to stream the contents of the zip file to a temporary container, allowing individual files within the zip to undergo the Defender scan separately. We would like to inquire if this approach is feasible, and if so, if you could provide guidance on the implementation.

Any insights or recommendations you can share regarding addressing this limitation would be highly valuable to our project. We appreciate your expertise and assistance in this matter.

Thank you for your time, and we look forward to your guidance.

Best regards,

Marc

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Accepted answer
  1. deherman-MSFT 35,556 Reputation points Microsoft Employee
    2023-12-07T17:38:14.76+00:00

    @Marc Hedgley

    Thank you for your question. The file size limit for Malware Scanning in Defender for Storage is 2 GB per single file, as stated in the documentation. This means that any file larger than 2 GB will not be scanned for malware and will result in the error state you mentioned.

    Your proposed approach of streaming the contents of the zip file to a temporary container and scanning the individual files within the zip file separately sounds feasible, but it may require some additional steps and considerations. For example, you may need to:

    • Use a function app or a logic app to trigger the streaming and scanning process whenever a new zip file is uploaded to your storage account.
    • Use the Azure Storage SDK or REST API to access the zip file and its contents programmatically.
    • Use the Blob Index feature to tag the blobs with their scan results and metadata, such as file name, file type, scan date, etc.
    • Use the Event Grid feature to subscribe to the scan events and perform actions based on the scan results, such as deleting or quarantining malicious files, sending notifications, logging, etc.
    • Monitor the performance and costs of the streaming and scanning process, as it may incur additional charges and latency.

    You can find more information and guidance on how to implement these steps in the following resources:

    I hope this helps you with your project. Please let me know if you have any further questions or feedback.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!
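
The per-entry fan-out discussed in the question and the accepted answer, as an added Python example that is not code from this thread or from Microsoft: it walks a zip archive, writes each member to a staging prefix as its own blob, and records the members a scanner could not cover. `fan_out`, `safe_blob_name`, the `upload` callable and the staging prefix are hypothetical names, and the archive is assumed to be readable as a seekable stream.

```python
import io
import zipfile

SCAN_LIMIT = 2 * 1024**3   # per-blob scan limit quoted in this thread (2 GB)
CHUNK = 4 * 1024 * 1024    # read size while streaming a member

def safe_blob_name(prefix, member):
    """Map a zip member path to a blob name under prefix; None if the path is suspicious."""
    parts = member.replace("\\", "/").split("/")
    if any(p in ("", ".", "..") for p in parts):   # absolute, empty or traversal segments
        return None
    return prefix + "/" + "/".join(parts)

def fan_out(zip_stream, prefix, upload, limit=SCAN_LIMIT):
    """Upload each member as its own blob; return (uploaded, unscannable).

    zip_stream must be seekable: the zip central directory sits at the end of the file.
    upload(name, chunks) is an assumed callable that consumes the chunks before it
    returns, e.g. a thin wrapper around ContainerClient.upload_blob (azure-storage-blob).
    """
    uploaded, unscannable = [], []
    with zipfile.ZipFile(zip_stream) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = safe_blob_name(prefix, info.filename)
            if name is None:
                unscannable.append((info.filename, "unsafe path"))
            elif info.flag_bits & 0x1:             # encrypted: content is opaque to a scanner
                unscannable.append((info.filename, "encrypted"))
            elif info.file_size > limit:           # would hit the same size error again
                unscannable.append((info.filename, "over scan limit"))
            else:
                with zf.open(info) as member:
                    upload(name, iter(lambda: member.read(CHUNK), b""))
                uploaded.append(name)
    return uploaded, unscannable

def constructed_sample():
    """Constructed archive: a normal file, a traversal name, and a file over a limit of 10."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", b"hello")
        zf.writestr("../escape.txt", b"x")
        zf.writestr("big.bin", b"A" * 11)
    buf.seek(0)
    return buf
```

An archive with any entry in the `unscannable` list has content that was never scanned, so it should be held back even when every extracted blob comes back clean.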
