Defender for Storage scan single blob...
Hi,
We've enabled Defender for Storage Accounts on an account which receives blobs from third-parties. If the blob is marked as safe - we continue onward processing.
We're in a scenario where not all uploaded blobs are marked as safe/unsafe by Defender. We can see from diagnostic logging that the file has been scanned, but there's no message in the diagnostic logs which shows the blob tags/metadata being updated with the scan result.
We're pursuing this through MS support, although their response thus far has been to suggest we reinitiate a scan as described here - https://zcusa.951200.xyz/en-us/azure/defender-for-cloud/on-demand-malware-scanning#initiate-the-scan. This is scoped at the storage account level, and would result in us being charged for terabytes of scanned data, rather than just a single blob.
Does anyone know of a way of initiating a rescan on a single blob please? We could programatically download > delete > upload the blobs in question, although that's not particularly elegant.
Appreciate that we're likely working around a bug/gap in Defender for Storage and ideally the underlying cause would be fixed - but that's likely to take some time.
Thanks in advance,
Matt