Virus Scanning on uploaded file via Web application

Hai Dang Huy 6 Reputation points
2022-02-09T04:26:55.33+00:00

Hi all,
We have a web application using Azure App Service (ASP.NET v4.8), Azure SQL database, and a Storage Account (Containers). Microsoft Defender for Cloud is also our endpoint security tool to protect Azure resources. This app has a file upload function. Uploaded files are stored in the storage account.

How can we use Microsoft Defender to scan for viruses and ensure uploaded files are clean?


2 answers

  1. brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator
    2022-02-16T05:58:09.157+00:00

    @Hai Dang Huy Thank you for reaching out with your question. We understand that you would like to use Microsoft Defender for Cloud to ensure your Azure Storage account is protected.

    The functionality to secure Azure Storage with Microsoft Defender for Cloud is Generally Available (GA). This means you can start your implementation of it.

    Please note that at this time, the implementation contains hash-reputation-based malware detection. As called out here, there is no direct in-memory scanning. This means there are a few limitations, which are (source):

    1. Hash reputation isn't deep file inspection - Microsoft Defender for Storage uses hash reputation analysis supported by Microsoft Threat Intelligence to determine whether an uploaded file is suspicious. The threat protection tools don’t scan the uploaded files; rather they analyze the telemetry generated from the Blobs Storage and Files services. Defender for Storage then compares the hashes of newly uploaded files with hashes of known viruses, trojans, spyware, and ransomware.
    2. Hash reputation analysis isn't supported for all file protocols and operation types - Some, but not all, of the telemetry logs contain the hash value of the related blob or file. In some cases, the telemetry doesn't contain a hash value. As a result, some operations can't be monitored for known malware uploads. Examples of such unsupported use cases include SMB file-shares and when a blob is created using Put Block and Put Block List.

    In order to enable Microsoft Defender for Cloud please follow these steps (source):

    1. Launch Microsoft Defender for Cloud in the Azure portal.
    2. From Defender for Cloud's main menu, select Environment settings.
    3. Select the subscription for which you want to enable or disable Microsoft Defender for Cloud.
    4. Select Enable all Microsoft Defender plans to enable Microsoft Defender for Cloud in the subscription.
    5. Under Select Microsoft Defender plans by resource type, locate the Storage row, and select Enabled in the Plan column.
    6. Save your changes.

    Lastly, here is some additional reading on this functionality. Please let us know if you have further questions or concerns.


    1 person found this answer helpful.
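
The two limitations listed in the answer above, modeled as an added example (not code from the thread or from Microsoft): constructed telemetry records carry a hash only for some operation types, and events without one come out as `unscanned` rather than clean. The operation labels, record fields, the choice of SHA-256 and the `hash_while_chunking` helper are assumptions made for illustration.

```python
import hashlib

# Constructed stand-in for a threat-intelligence set of known-malware hashes.
# SHA-256 is an assumption; the thread does not name the hash algorithm.
BAD = b"constructed-bad-sample"
KNOWN_BAD = {hashlib.sha256(BAD).hexdigest()}
# Hypothetical labels for operations whose telemetry carries no hash.
NO_HASH_OPERATIONS = {"PutBlockList", "SmbWrite"}

def telemetry_event(blob, operation, content):
    """Constructed record; the hash is present only for some operations."""
    has_hash = operation not in NO_HASH_OPERATIONS
    digest = hashlib.sha256(content).hexdigest() if has_hash else None
    return {"blob": blob, "operation": operation, "hash": digest}

def hash_while_chunking(content, block_size=4 * 1024 * 1024):
    """Hash the whole file incrementally while splitting it into blocks, so
    the application still holds a hash that block uploads do not log."""
    running = hashlib.sha256()
    blocks = []
    for offset in range(0, len(content), block_size):
        block = content[offset:offset + block_size]
        running.update(block)
        blocks.append(block)
    return blocks, running.hexdigest()

def triage(events, app_hashes=None):
    """Map blob -> verdict. 'unscanned' is a coverage gap, not a clean result;
    'no-hash-match' only means the hash is not in the known-bad set."""
    app_hashes = app_hashes or {}
    verdicts = {}
    for ev in events:
        digest = ev["hash"] or app_hashes.get(ev["blob"])
        if digest is None:
            verdicts[ev["blob"]] = "unscanned"
        elif digest in KNOWN_BAD:
            verdicts[ev["blob"]] = "known-malware"
        else:
            verdicts[ev["blob"]] = "no-hash-match"
    return verdicts

EVENTS = [  # constructed sample telemetry
    telemetry_event("report.pdf", "PutBlob", b"constructed benign bytes"),
    telemetry_event("small.bin", "PutBlob", BAD),
    telemetry_event("large.bin", "PutBlockList", BAD),
    telemetry_event("share/doc.bin", "SmbWrite", b"other bytes"),
]
if __name__ == "__main__":
    print(triage(EVENTS))
```

Passing `app_hashes` with the digest from `hash_while_chunking` closes the gap for block uploads in this model; files with no hash from either side stay `unscanned` and need a separate content scan before they are trusted.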