Learn answers to frequently asked questions about the Malwarebytes Cloud Storage Scanning (CSS) module.
Navigate to the questions by clicking on the following links:
- How does CSS handle remediation when an infected file is found?
- What's the difference between a scheduled scan and a continuous scan?
- Should I run a scheduled scan, continuous scan, or a combination of both?
- How are files scanned?
- Where is the scanning engine?
- Is there a size limit for files that CSS scans?
- What happens when I exceed my purchased scan storage quota?
- Does this feature apply to servers?
- Is CSS able to scan object storage, file storage and block storage?
- Does Malwarebytes CSS integrate with Azure & AWS environments?
How does CSS handle remediation when an infected file is found?
With the Enable Quarantine toggle enabled in the Cloud Storage Scan configuration, malicious files are automatically quarantined to the configured folder. Manage these detections from the Storage Quarantine page. For more information, see Manage Cloud Storage Scanning quarantine in Nebula.
A tombstone file is created and replaces the original file. The tombstone file contains a note that the file has been quarantined and to contact the Cloud Storage Administrator.
What happens if a file with collaborators is quarantined?
Collaborators can no longer access the file. If the file is restored from quarantine, they will gain access to the file again.
What happens if a file that has been shared via a link is quarantined?
The link is expired and can no longer be accessed. If the file is restored from quarantine, the link is no longer expired and becomes accessible again.
NOTICE - For OneDrive, previously shared links remain expired after the file is restored. A new link must be generated and shared again.
What happens if I delete a file from quarantine?
The file is moved to the administrator's trash in the cloud storage provider. Administrators of the cloud storage provider can restore the file from trash if it was deleted by mistake before the file is permanently deleted. Refer to your cloud storage providers' settings to determine when files are permanently deleted from the trash.
What’s the difference between a scheduled scan and a continuous scan?
A scheduled scan allows you to create a scan at a particular time. It can be configured to run on a recurring basis daily, weekly or monthly. A scheduled scan will do a full scan of a targeted repository, folder or sub-folder.
A continuous scan monitors for new files uploaded to the targeted repository, folder, or sub-folder. Check the Include existing files option to run a full scan of the target location.
Should I run scheduled scans, a continuous scan or a combination of both?
Generally, a continuous scan is the most cost-effective way to address compliance needs and provide ongoing protection, but you may also need to do additional scheduled scans depending on how regulations apply to your business.
How are files scanned?
Using the APIs provided by supported storage vendors (e.g. Box, OneDrive), we first download the object content over HTTPS. Then, we store the objects in a file storage attached to a temporary compute pod and scan them. Scan results are tunneled to our results database and the objects are automatically deleted from our file storage.
Where is the scanning engine?
As part of our Software as a Service (SaaS) based service, the scanning engine resides in Amazon Web Services (AWS) East in the United States.
Is there a size limit for files that CSS scans?
There is a 100Mb size limit on files CSS scans. Files larger than 100Mb are not scanned.
What happens when I exceed my purchased quota for scan storage?
Scans stop when the quota exceeds 110%. The quota is checked before each file is downloaded and scanned. Contact sales to purchase additional scanning capacity.
To receive alerts when your scanning capacity is close to being exceeded, see Set up Cloud Storage Scanning notifications in Nebula.
Does this feature apply to servers? For example, AWS customers may have server space in addition to data storage. Can you scan both with CSS?
CSS only scans cloud storage repositories. It does not scan servers. For example, we do not support scanning Amazon Elastic Block Stores.
Is CSS able to scan object storage, file storage and block storage?
Currently, CSS only supports scanning file storage. We will be adding support for object storage, block storage, other cloud storage providers, and SaaS applications in the future.
Does Malwarebytes CSS integrate with any other cloud storage providers?
Currently, CSS supports Box and OneDrive. Future integrations will include support for Google Drive, Dropbox, and AWS S3.
Who should I contact if I need help or have more questions?
Contact Malwarebytes support if you need help or have any questions! For troubleshooting assistance, see Troubleshoot Cloud Storage Scanning.
Return to Malwarebytes Cloud Storage Scanning guide.