Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories

We’re excited to announce Malwarebytes Cloud Storage Scanning, a new service that extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization’s digital ecosystem.

Today, the service supports scanning of files under 100Mb in size that reside on or on Microsoft’s OneDrive, and will extend to other popular file storage solutions in the coming quarters.

Malwarebytes Cloud Storage Scanning uses multiple anti-malware engines, using a combination of signatures, heuristics and machine learning to increase detection rates, decrease detection times and provide a comprehensive view to monitor and protect the health of all your enterprise data. 

Let’s dive in on how to make a scan!

Scanning for cloud malware

In Nebula, go to “Settings” and click “Cloud Storage Scans”. Here you can see existing scans and the providers being checked. Click “Add a Scan” to create a new scan.easset upload file70596 227184 e

Under “Settings”, name the scan and then select your cloud data storage provider.

easset upload file71839 227184 e

Enter the configuration details from the storage provider to select and validate your account.  To initially check all existing files for malware, do not check this box and configure a scheduled or on-demand scan. In order to connect to your provider, you will need to provide a Tenant ID, Client ID and Client Secret.

If you select “Continuous scan”, Malwarebytes will only check for new and updated files from this point forward.

Click “Connect to provider” to provide access to your cloud storage location.easset upload file15225 227184 e

Once you see a success message, go to “Items to scan” to select the users or folders to scan. You can scan folders and the sub-folders.easset upload file56316 227184 e

If you have not selected continuous scan, go to “Scan frequency” to determine the cadence. Note that with scheduled scans, you will be scanning the contents of the selected folder(s) each time versus a continuous scan that only scans the changes.

Scans can be scheduled daily, weekly or monthly. Select “Scan now” for a one-time scan to occur immediately. Save for the scan to take effect and begin running on the cadence you chose.easset upload file59644 227184 e

In this example, we have a one time scan for existing malware in the folder and a continuous scan for future changes.easset upload file96093 227184 e

Review the results of scans with “Storage detections” on the left-side navigation bar. easset upload file44745 227184 e

Here you can see a list of all detections from any cloud storage location. You can sort by “Threat name”:easset upload file79207 227184 e

Filter by cloud provider:easset upload file94328 227184 e

And “Add/Remove Columns”:

easset upload file42419 227184 e

A report is also available to send a list of detections via email. Navigate to the “Reports” section on the nav bar:

easset upload file91245 227184 e

Click “Cloud Storage Detections Summary”. You’ll be prompted with a window to configure the report.

easset upload file3003 227184 e

easset upload file15211 227184 eClick “Save”. 

As you can see, the report was delivered to our email below!easset upload file4059 227184 e

An additional layer of security

While integrated cloud malware detection solutions (e.g. BoxShield for; MS Defender for OneDrive) can be useful, many businesses use multiple different cloud storage repositories, and due to lack of integration options, are unable to get a centralized view of all of their scan results, across multiple repositories, in a single security-focused pane of glass.

Malwarebytes Cloud Storage Scanning is easy and quick to deploy, centrally managed, and is seamlessly integrated with other Malwarebytes products and services that provide cloud security best practices.

Interested in reading about real-life examples of cloud malware mitigation? Read the case study of how a business used Malwarebytes to help eliminate cloud-based threats.