With the freely available Microsoft Defender plugin for FORMCYCLE it is possible to scan uploaded files for viruses. For this purpose the plugin uses the Malware Protection Command Line Utility provided by Microsoft Defender.

Functionality

Instant virus scan

Each file is scanned immediately after it is uploaded.

In FORMCYCLE it is possible to upload files e.g. in the form through an upload element or in the backend of FORMCYCLE. Through this plugin the Malware Protection Command Line Utility of Microsoft Defender is addressed and a virus scan is performed on the uploaded file. If, according to Microsoft Defender, the file is a virus, an error message is displayed and an entry is added to the process log.

Installation

To ensure that the plugin is also available in all clients and forms, it is recommended to install it as a system plugin, which allows for better central administration and configuration.

In certain cases, Microsoft Defender is not located in the installation path used by the plugin by default. In these cases, it is mandatory to specify the location where Microsoft Defender is installed in the plugin's MpCmdRun-path configuration parameter. In most cases, it is located at C:\ProgramData\Microsoft\Windows Defender\Platform\\MpCmdRun.exe, where the highest existing version in the plugin should be specified.

Configuration

The following configuration parameters exist:

MpCmdRun-path (Required)

File path to MpCmdRun.exe or Malware Protection Command Line Utility from Microsoft Defender. Through it, a scan can take place in the file system through the command line. If this configuration is not done, an attempt is made to generate a possible file path, which is then specified in the plugin description. However, it is recommended to specify the path to MpCmdRun.exe or Malware Protection Command Line Utility itself. Possible file paths could be: C:\Program Files\Windows Defender\MpCmdRun.exe or C:\ProgramData\Microsoft\Windows Defender\Platform\<select last version>\MpCmdRun.exe. If a folder path is specified, an attempt is made to automatically generate the path to the latest version of the Malware Protection Command Line Utility. The currently used file path to the Malware Protection Command Line Utility is also specified in the plugin description.

scan-timeout (Required)

Allows to define the time in seconds before the scan process is stopped. After the timeout, the file will be treated as a file where a virus was found. The default value is 45 seconds.

Example configuration

Example configuration of the plugin:

Usage

Once a virus signature is detected, the following message is seen:

Test file

A common method to check virus scanners is the eicar.com file. For example, in the backend of Xima® Formcycle this test file can be uploaded and after successful configuration an error message can be seen.

Wikipedia

Download

Logging

When a virus scan is run by Microsoft Defender's Malware Protection Command Line Utility, the results are written to an MpCmdRun.log file. This allows the exact command line return of the scan to be traced. Usually this log file is located in the local temp directory. For example: C:\Users\<UserName>\AppData\Local\Temp\MpCmdRun.log

FORMCYCLE logs can be found for this at /tomcat9/bin/logs.

For example, after uploading the eicar.com test file, the following entry can be seen in formcycle-errors-log :