Data privacy notice

 

When this content is loaded, usage information is transmitted to Vimeo and may be processed there.

 

             

Malware scanner plugin: Microsoft Defender

Modified on Thu, 20 Jul, 2023 at 10:34 AM

With the freely available Microsoft Defender plugin for FORMCYCLE it is possible to scan uploaded files for viruses. For this purpose the plugin uses the Malware Protection Command Line Utility provided by Microsoft Defender.


Functionality

Instant virus scan
Each file is scanned immediately after it is uploaded.

In FORMCYCLE it is possible to upload files e.g. in the form through an upload element or in the backend of FORMCYCLE. Through this plugin the Malware Protection Command Line Utility of Microsoft Defender is addressed and a virus scan is performed on the uploaded file. If, according to Microsoft Defender, the file is a virus, an error message is displayed and an entry is added to the process log.


Installation

To ensure that the plugin is also available in all clients and forms, it is recommended to install it as a system plugin, which allows for better central administration and configuration.

In certain cases, Microsoft Defender is not located in the installation path used by the plugin by default. In these cases, it is mandatory to specify the location where Microsoft Defender is installed in the plugin's MpCmdRun-path configuration parameter. In most cases, it is located at C:\ProgramData\Microsoft\Windows Defender\Platform\\MpCmdRun.exe, where the highest existing version in the plugin should be specified.



Configuration

The following configuration parameters exist:

MpCmdRun-path (Required)

File path to MpCmdRun.exe or Malware Protection Command Line Utility from Microsoft Defender. Through it, a scan can take place in the file system through the command line. If this configuration is not done, an attempt is made to generate a possible file path, which is then specified in the plugin description. However, it is recommended to specify the path to MpCmdRun.exe or Malware Protection Command Line Utility itself. Possible file paths could be: C:\Program Files\Windows Defender\MpCmdRun.exe or C:\ProgramData\Microsoft\Windows Defender\Platform\<select last version>\MpCmdRun.exe. If a folder path is specified, an attempt is made to automatically generate the path to the latest version of the Malware Protection Command Line Utility. The currently used file path to the Malware Protection Command Line Utility is also specified in the plugin description.


scan-timeout (Required)

Allows to define the time in seconds before the scan process is stopped. After the timeout, the file will be treated as a file where a virus was found. The default value is 45 seconds.


Example configuration

Example configuration of the plugin:


Usage

Once a virus signature is detected, the following message is seen:


Test file

A common method to check virus scanners is the eicar.com file. For example, in the backend of Xima® Formcycle this test file can be uploaded and after successful configuration an error message can be seen.


Wikipedia
Download

Logging


When a virus scan is run by Microsoft Defender's Malware Protection Command Line Utility, the results are written to an MpCmdRun.log file. This allows the exact command line return of the scan to be traced. Usually this log file is located in the local temp directory. For example: C:\Users\<UserName>\AppData\Local\Temp\MpCmdRun.log

FORMCYCLE logs can be found for this at /tomcat9/bin/logs.

For example, after uploading the eicar.com test file, the following entry can be seen in formcycle-errors-log :

[WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner detected malware signature for file : {stream=[Win.Test.EICAR_HDB-1]} 
 [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus 



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article