Rescanning Individual Blocked or Failed Files

MetaDefender Storage Security allows users to manually initiate a new scan for files that are currently in a Blocked or Failed state. This feature provides control and flexibility, enabling rescans for the following scenarios:

Investigating potential false positives
Re-evaluating a file after anti-malware definition updates
Re-processing a file after a policy configuration change
Attempting to scan an encrypted file by providing the correct password(s)

Files can be rescanned using either the graphical user interface (GUI) or the Application Programming Interface (API).

Using the GUI

You can initiate a rescan directly from the MetaDefender Storage Security web interface:

Navigate to the Active Scans page or the Reports page.
Locate the specific blocked or failed file you wish to rescan within the list (status is indicated by icons or labels).
Click the Scan Again button in the actions column for the blocked or failed file. For encrypted files, click the lock icon, enter the passwords, and click the rescan icon.
The file will be re-queued for processing using the currently applicable scan configurations.
Monitor the scan progress and final result on the Reports page.

Alternatively, navigate to the file’s detail page and use the Scan Again option there.

Using the API

Files can be programmatically submitted for rescan using the MetaDefender Storage Security API. This is useful for automation or integration with other systems.
You will need the unique identifier (fileId) of the blocked file you wish to rescan. This ID can typically be retrieved from scan reports or event logs associated with the initial block action.
Missing Information : the specific endpoint for triggering a rescan of any blocked file in MDSS based on fileId should be documented here / link to it
Send an API request (POST) to the determined endpoint. The request body should be in JSON format (below)
The API should return a response indicating whether the rescan request was successfully submitted (a success message, perhaps a new data_id or task ID for tracking or whatever it is). The actual scan results will be available asynchronously and can be retrieved via subsequent API calls or viewed in the GUI.

For standard rescan

JSON
    
 
{  "fileId": "{string}",  "scanId": "{string}",  "storageProtocolType": "{int32}",}
Copy

For encrypted blocked files

JSON
    
 
{  "fileId": "{string}",  "scanId": "{string}",  "storageProtocolType": "{int32}",  "passwords": ["password_1","password_2"]}
Copy

Full API documentation is available to guide your implementation.

Last updated on

Was this page helpful?