Remove From My Forums

status of the window defender anti virus scan

Question
0

Sign in to vote

User351619809 posted

Hello All,

I have a public facing web site where customers can upload .pdf file. We have a window defender anti virus installed on the server that scans the uploaded file. If the file has virus issues then it can delete the file or try to clean the file virus. Is it possible to get the name of the file that has virus in it on asp.net C# side.

any help or hint will be greatly appreciated.

Thursday, August 27, 2020 11:45 PM

Answers

User-1330468790 posted

Here is a workaround that you could use "System.Diagnostics.Process" to run the window defender anti virus application.

Then, the only thing you need to do is to check the return codes and do the following action.

As you might need to run the application with some arguments, you could refer to this link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus

Extract information:

-Scan [-ScanType value]
     0  Default, according to your configuration
     1  Quick scan
     2  Full system scan
     3  File and directory custom scan

        [-File <path>]
             Indicates the file or directory  to be scanned, only valid for
             custom scan.

        [-DisableRemediation]
             This option is valid only for custom scan.
             When specified:
               - File exclusions are ignored.
               - Archive files are scanned.
               - Actions are not applied after detection.
               - Event log entries are not written after detection.
               - Detections from the custom scan are not displayed in the user
                 interface.

   Return code is
   0    if no malware is found or malware is successfully remediated and no
        additional user action is required
   2    if malware is found and not remediated or additional user action is
        required to complete remediation or there is error in scanning.
        Please check History for more information.

More details, you could refer to below codes:

 static void Main(string[] args)
        {

            

            try
            {
                string path = @"C:\...\Delete.txt";

                System.Diagnostics.Process process = new System.Diagnostics.Process();
                System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
                startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
                startInfo.FileName = @"C:\Program Files\Windows Defender\MpCmdRun.exe";
                startInfo.Arguments = "-Scan -ScanType 3 -File \"" + path + "\"";

                process.StartInfo = startInfo;
                var results = process.Start();
                //wait
                process.WaitForExit(); 
                if (process.ExitCode == 0)
                {
                    Console.WriteLine("ok！");
                    Console.WriteLine("Scan Result: " + results);
                }
                else if (process.ExitCode == 2)
                {
                    //Do whatever you want if the file turns out a malware
                    Console.WriteLine(path);
                    Console.WriteLine("Scan Result: " + results);

                }
            }
            catch (Exception e)
            {

                Console.WriteLine(e.Message); ;
            }
            Console.ReadLine();
        }

Apart from that, you might consider using a 3rd party Anti Virus API/Service. However, this requires you comparing them for pros and cons, e.g. security and easy-use.

Hope this can help you.

Best regards,

Sean

Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM

Friday, August 28, 2020 2:49 AM

All replies