Azure Storage account blob scanning and tags

Scan a file

To scan a file, upload it to any container in the protecting storage account:

  1. In Azure portal, go to Storage accounts service and find your protecting storage account.
  2. Go to Containers. Go to any existing container or create a container.
  3. Select Upload and add your file to the container.

    File Storage Security detects that a file has been added to the protecting storage account and scans the file. For details on the scanning process, see this Architecture diagram.

You can now view the metadata/index tags within the Azure environment.

You can also view scan results in Application Insights and be notified of scan results through Service Bus Topic.

View the metadata and index tags

File Storage Security adds Azure blob metadata and blob index tags to the files it scans. The metadata and the index tags contain a short description of the scan results, and start with the prefix fss*. You'll only see the fss* tags pertaining to the latest scan; tags from past scans are not kept. Additionally, all non-fss* tags are preserved.

Below is an image of the metadata and index tags, as they appear in Azure storage account.

screen shot

To view the metadata and index tags added by File Storage Security:

  1. In Azure portal, go to Storage accounts service and find your protecting storage account.
  2. Go to Containers. Go to the container where the file was uploaded.
  3. Select a file that has been scanned, then scroll to the Metadata or Blob index tags section.

    The metadata/index tags added by File Storage Security should appear. They are:

    • fssErrorMessage/fss-error-message: Appears if the fssScanResult/fss-scan-result tag value is failure. Shows error message text.
    • fssScanDate/fss-scan-date: Shows the date and time in UTC that the file was scanned.
    • fssScanResult/fss-scan-result: Shows the scan result. Possible values are:

      • no issues found: Indicates that no malware was detected.
      • malicious: Indicates that known malware was detected.
      • failure: Indicates that the scan failed. (A failure does not necessarily mean that File Storage Security failed.)
    • fssScanDetailCode/fss-scan-detail-code: Appears if fssScanResult/fss-scan-result is not failure. Shows status code that indicate the details of the scan.

      • 0: Scan completed without any more details.
      • 100~199: Some scans are skipped due to existing parameters. Contact support if you need assistance.
    • fssScanDetailMessage/fss-scan-detail-message: Appears if fssScanResult/fss-scan-result is not failure. Shows the status code message corresponding to fssScanDetailCode/fss-scan-detail-code.

    • fssScanned/fss-scanned: Indicates whether the file was scanned by File Storage Security. Possible values are true and false.

    If you don't see these metadata or index tags, it means the file has not been scanned.