Wiki source code of Microsoft Defender


1 {{info}}
2 {{version major="7" minor="0" patch="13" showInfo="true"}}
3 This plugin can only be used with {{formcycle/}} version 7.0.13 or higher.
4 {{/version}}
5 {{/info}}
6
7 [[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/MicrosoftDefender%20(Windows)&fileid=40505]]
8
9 {{content/}}
10
11 With the free Microsoft Defender plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose the plugin uses the //Malware Protection Command Line Utility// provided by Microsoft Defender.
12
13 == Functionality ==
14
15 ; Instant virus scan
16 : Each file is scanned immediately after it is uploaded.
17
18 In {{formcycle/}}, files can be uploaded, for example, through an upload element in a form or in the {{formcycle/}} backend. This plugin invokes the //Malware Protection Command Line Utility// of Microsoft Defender to run a virus scan on the uploaded file. If, according to Microsoft Defender, the file is a virus, an error message is displayed and an entry is added to the process log.
19
20 == Installation ==
21
22 To ensure that the plugin is also available in all clients and forms, it is recommended to install it as a system plugin, which allows for better central administration and configuration.
23
24 {{info}}
25 In certain cases, Microsoft Defender is not located in the installation path used by the plugin by default. In these cases, the location where Microsoft Defender is installed must be specified in the plugin's MpCmdRun-path configuration parameter. In most cases, it is located at //C:\ProgramData\Microsoft\Windows Defender\Platform\<version number>\MpCmdRun.exe//, where the highest existing version should be specified in the plugin.
26 {{/info}}
27
28 == Configuration ==
29
30 The following configuration parameters exist:
31
32 ; MpCmdRun-path (Required)
33 : File path to MpCmdRun.exe, the //Malware Protection Command Line Utility// of //Microsoft Defender//. It allows files in the file system to be scanned from the command line. If this parameter is not set, the plugin attempts to determine a possible file path, which is then shown in the plugin description. However, it is recommended to specify the path to MpCmdRun.exe explicitly. Possible file paths are: //C:\Program Files\Windows Defender\MpCmdRun.exe// or //C:\ProgramData\Microsoft\Windows Defender\Platform\<select last version>\MpCmdRun.exe//. If a folder path is specified, the plugin attempts to automatically determine the path to the latest version of the //Malware Protection Command Line Utility//. The file path currently in use is also shown in the plugin description.
34 ; scan-timeout (Required)
35 : Defines the time in seconds after which the scan process is stopped. After the timeout, the file is treated as a file in which a virus was found. The default value is 45 seconds.
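
The selection of the highest version folder and the timeout rule described above can be sketched as follows. This is an added example, not the plugin's own code: the function names, the MpCmdRun arguments passed and the rule that every non-zero exit code blocks the file are assumptions.

```python
import re
import subprocess
from pathlib import Path

# Default locations as named in this documentation (Windows only).
PLATFORM_DIR = Path(r"C:\ProgramData\Microsoft\Windows Defender\Platform")
FALLBACK_EXE = Path(r"C:\Program Files\Windows Defender\MpCmdRun.exe")


def version_key(name):
    """'4.18.23110.3-0' -> (4, 18, 23110, 3, 0): numeric, not string, order."""
    return tuple(int(n) for n in re.findall(r"\d+", name))


def resolve_mpcmdrun(platform_dir=PLATFORM_DIR, fallback=FALLBACK_EXE):
    """Pick MpCmdRun.exe from the highest-versioned Platform folder."""
    platform_dir = Path(platform_dir)
    candidates = [
        d for d in (platform_dir.iterdir() if platform_dir.is_dir() else [])
        if version_key(d.name) and (d / "MpCmdRun.exe").is_file()
    ]
    if candidates:
        return max(candidates, key=lambda d: version_key(d.name)) / "MpCmdRun.exe"
    if Path(fallback).is_file():
        return Path(fallback)
    raise FileNotFoundError("MpCmdRun.exe not found; set MpCmdRun-path")


def is_clean(exe, target, timeout_s=45, args=None):
    """True only if the scan ends in time with exit code 0 (fail closed).

    A timeout, a launch error or any non-zero exit code is treated like a
    detection, which mirrors the scan-timeout rule described above.
    """
    if args is None:  # assumed invocation; the page does not show the plugin's
        args = ["-Scan", "-ScanType", "3", "-File", str(target),
                "-DisableRemediation"]
    try:
        done = subprocess.run([str(exe), *args], timeout=timeout_s,
                              capture_output=True, check=False)
    except (subprocess.TimeoutExpired, OSError):
        return False
    return done.returncode == 0
```

Sorting the folder names as plain strings would rank a folder such as 4.18.9999.1-0 above 4.18.23110.3-0, which is why the comparison is done on the numeric parts.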
36
37 == Example configuration ==
38
39 Example configuration of the plugin:
40
41 {{lightbox image="en_ms_defender_plugin.png"/}}
42
43 == Usage ==
44
45 Once a virus signature is detected, the following message is displayed:
46
47 {{lightbox image="en_ms_defender_backend_upload.png"/}}
48
49 === Test file ===
50
51 A common way to test virus scanners is the //eicar.com// file.
52 For example, this test file can be uploaded in the backend of {{formcycle/}}; if the plugin is configured correctly, an error message is displayed.
53
54 ; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]]
55 ; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]]
56
57 === Logging ===
58
59 When a virus scan is run by Microsoft Defender's //Malware Protection Command Line Utility//, the results are written to an MpCmdRun.log file. This allows the exact command-line output of the scan to be traced. This log file is usually located in the local temp directory, for example: //C:\Users\<UserName>\AppData\Local\Temp\MpCmdRun.log//
60
61 The corresponding {{formcycle/}} logs can be found at // /tomcat9/bin/logs//.
62
63 : For example, after uploading the //eicar.com// test file, the following entry can be seen in //formcycle-errors-log//:
64 ; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.fc_plugin_malware_scanner_ms_defender. MsDefenderFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
65 ; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
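
As an added example (not part of {{formcycle/}} or the plugin), the following script extracts detections from log text in the format shown above and pairs each one with the follow-up error entry on the same thread. The function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# The two entries shown above, plus one constructed unrelated line.
SAMPLE_LOG = """\
[WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.fc_plugin_malware_scanner_ms_defender. MsDefenderFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]}
[ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus
[WARN] [25-05-22 10:11:02,010] [ajp-nio-127.0.0.1-8009-exec-44] (Example.java:1) - constructed unrelated warning
"""

DETECTION = re.compile(
    r"^\[WARN\] \[(?P<time>[^\]]+)\] \[(?P<thread>[^\]]+)\] "
    r"\(MalwareScanner\.java:\d+\) - Scanner <(?P<scanner>[^>]+)> "
    r"detected malware signature for file <(?P<file>[^>]+)>: "
    r"\{(?P<result>.*)\}\s*$")
CONFIRMED = re.compile(
    r"^\[ERROR\] \[[^\]]+\] \[(?P<thread>[^\]]+)\] "
    r"\(VirusScannerService\.java:\d+\) - Detected a virus")


def parse_detections(log_text):
    """Return one dict per detection entry found in log_text."""
    detections, open_by_thread = [], {}
    for line in log_text.splitlines():
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            # Drop the wrap space and the object hash after '@'.
            d["scanner"] = d["scanner"].replace(" ", "").split("@")[0]
            groups = re.findall(r"\[([^\]]*)\]", d.pop("result"))
            d["signatures"] = [s.strip() for g in groups
                               for s in g.split(",") if s.strip()]
            d["confirmed"] = False
            detections.append(d)
            open_by_thread[d["thread"]] = d
            continue
        m = CONFIRMED.match(line)
        if m and m["thread"] in open_by_thread:
            # The "Detected a virus" entry on the same thread followed.
            open_by_thread.pop(m["thread"])["confirmed"] = True
    return detections


def signature_counts(detections):
    """Count how often each signature name was reported."""
    return Counter(s for d in detections for s in d["signatures"])
```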
66
67 == Version history ==
68
69 === Version 1.0.3 ===
70
71 * Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server.
72
73 === Version 1.0.2 ===
74
75 * Automatic determination of the path to the MS Defender executable file (MpCmdRun) if no path is explicitly specified.
76
77 === Version 1.0.1 ===
78
79 * Naming of plugin properties
80
81 === Version 1.0.0 ===
82
83 * Initial release