Learn answers to frequently asked questions about the Malwarebytes Cloud Storage Scanning (CSS) module.
Navigate to the questions by clicking on the following links:
- How does CSS handle remediation when an infected file is found?
- Why does CSS not have its own native remediation capabilities?
- Does Malwarebytes intend to add remediation capabilities to CSS in the future?
- What's the difference between a scheduled scan and a continuous scan?
- Should I run a scheduled scan, continuous scan, or a combination of both?
- How are files scanned?
- Where is the scanning engine?
- Is there a size limit for files that CSS scans?
- What happens when I exceed my purchased scan storage quota?
- Does this feature apply to servers?
- Is CSS able to scan object storage, file storage and block storage?
- Does CSS offer ‘prevention’ capabilities?
- Does Malwarebytes CSS integrate with Azure & AWS environments?
How does CSS handle remediation when an infected file is found?
An alert is posted in the Storage Detections page when CSS identifies an infected file. Administrators can use the information to identify the file and its location, then delete the file from their storage provider.
Why does CSS not have its own native remediation capabilities?
CSS is intended to be an additional layer of security that protects environments where there is less visibility and control over what is being uploaded and downloaded. It complements the Malwarebytes technology on your endpoint devices where strong remediation is a fundamental feature.
Additionally, one of the challenges of storing files in the cloud is that multiple versions and copies can be stored various locations. A remediation capability directed at a single folder may not eliminate the infected file everywhere it resides. Storage repository vendors have a well-developed set of tools for rollback and remediation that can be applied throughout their entire environment.
Does Malwarebytes intend to add remediation capabilities to CSS in the future?
While indirect remediation is available today via 3rd parties or as part of the remediation feature of your Malwarebytes Endpoint Protection, we recognize the value of building remediation directly into the Nebula workflows at the point you are investigating alerts. While we will still give you the ability to leverage indirect remediation, we also intend to add direct remediation capabilities in the future.
What’s the difference between a scheduled scan and a continuous scan?
A scheduled scan allows you to create a scan at a particular time. It can be configured to run on a recurring basis daily, weekly or monthly. A scheduled scan will do a full scan of a targeted repository, folder or sub-folder.
A continuous scan allows you to start a scan on a targeted repository, folder or sub-folder right away. Initially, it scans the entire contents of the target, then it continuously monitor the target and only newly uploaded or modified files.
Should I run scheduled scans, a continuous scan or a combination of both?
Generally, a continuous scan is the most cost-effective way to address compliance needs and provide ongoing protection, but you may also need to do additional scheduled scans depending on how regulations apply to your business.
How are files scanned?
Using the APIs provided by supported storage vendors (e.g. Box, OneDrive), we first download the object content over HTTPS. Then, we store the objects in a file storage attached to a temporary compute pod and scan them. Scan results are tunneled to our results database and the objects are automatically deleted from our file storage.
Where is the scanning engine?
As part of our Software as a Service (SaaS) based service, the scanning engine resides in Amazon Web Services (AWS) East in the United States.
Is there a size limit for files that CSS scans?
There is a 100Mb size limit on files CSS scans. Files larger than 100Mb are not scanned.
What happens when I exceed my purchased quota for scan storage?
Scans stop when the quota exceeds 110%. The quota is checked before each file is downloaded and scanned. Contact sales to purchase additional scanning capacity.
To receive alerts when your scanning capacity is close to being exceeded, see Set up Cloud Storage Scanning notifications in Nebula.
Does this feature apply to servers? For example, AWS customers may have server space in addition to data storage. Can you scan both with CSS?
CSS only scans cloud storage repositories. It does not scan servers. For example, we do not support scanning Amazon Elastic Block Stores.
Is CSS able to scan object storage, file storage and block storage?
Currently, CSS only supports scanning file storage. We will be adding support for object storage, block storage, other cloud storage providers, and SaaS applications in the future.
Does CSS offer prevention capabilities?
No. This module only detects malicious files in cloud storage systems.
Does Malwarebytes CSS integrate with Azure & AWS environments?
For this initial release, CSS supports Box and OneDrive. We intend to add support for AWS, Google Drive and Azure in the near future.
Who should I contact if I need help or have more questions?
Contact Malwarebytes support if you need help or have any questions! For troubleshooting assistance, see Troubleshoot Cloud Storage Scanning.
Return to Malwarebytes Cloud Storage Scanning guide.