Share via

Defender for Storage scan single blob...

Matt 0 Reputation points
2024-12-13T14:19:46.41+00:00

Hi,

We've enabled Defender for Storage Accounts on an account which receives blobs from third-parties. If the blob is marked as safe - we continue onward processing.

We're in a scenario where not all uploaded blobs are marked as safe/unsafe by Defender. We can see from diagnostic logging that the file has been scanned, but there's no message in the diagnostic logs which shows the blob tags/metadata being updated with the scan result.

We're pursuing this through MS support, although their response thus far has been to suggest we reinitiate a scan as described here - https://learn.microsoft.com/en-us/azure/defender-for-cloud/on-demand-malware-scanning#initiate-the-scan. This is scoped at the storage account level, and would result in us being charged for terabytes of scanned data, rather than just a single blob.

Does anyone know of a way of initiating a rescan on a single blob please? We could programatically download > delete > upload the blobs in question, although that's not particularly elegant.

Appreciate that we're likely working around a bug/gap in Defender for Storage and ideally the underlying cause would be fixed - but that's likely to take some time.

Thanks in advance,

Matt

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,449 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.