Skip to content
Recued
Menu
← Back to packs

Windows Defender Scan (inbound files)

by recued-core v1 app_pack

Auto-scan every inbound file for malware with Windows Defender — the Defender sibling of clamav-scan, for a Windows-hosted recued server. Installs one reactive recipe that fires on data.file.received.*.created (an inbound reception drop, messenger media, or mail attachment), runs the Defender pack's file.scan over the bytes, and writes the verdict (clean / flagged) back to the record's scan_status. This sharpens the reception attachment scan-gate (D-173 P5): a flagged upload surfaces a stronger warning when the reviewer approves the held request, while a clean one clears the advisory. Depends on the Windows Defender capability pack (defender-pack), which carries the cli scan op and the MpCmdRun / elevation / Windows-only setup docs; install both on a Windows server running elevated. An MpCmdRun exit-2 result (a threat, or a scan error such as a non-elevated run) is conservatively flagged for review (fail-safe — no malware passes); a launch failure, timeout, or any other exit code leaves scan_status untouched (unscanned, the advisory gate still warns) rather than flagged. After install, the default dish runs on every inbound file; no per-file configuration. Install EITHER this or clamav-scan for your platform — not both.

What this pack installs

Included recipes 1 pinned recipe

This pack installs the complete recipe workflow together.

Reactive virus scan for the reception attachment scan-gate (D-173 P5) on a Windows-hosted server — the Defender sibling of scan-inbound-file-clamav. Fires whenever a file lands in data.file.received (an inbound reception drop / messenger media / mail attachment), scans it with the built-in Windows Defender engine through the Defender pack's file.scan cli operation, and writes the verdict back via the MCP-reserved core.storage.file.set-scan-status kernel op. The reception inbox reads scan_status, so a 'flagged' upload surfaces a sharper warning at approve while a 'clean' one clears the advisory warning. The verdict comes from the MpCmdRun exit code: 0 = clean, 2 = malware found (or a scan error, conservatively flagged — fail-safe, no malware passes). Any other code halts this run and leaves the record unscanned (the advisory gate still warns). Requires the defender-pack installed and an ELEVATED, Windows-hosted recued server. Install once; the install creates a default dish that runs on every inbound file. Install EITHER this or scan-inbound-file-clamav for your platform — not both (a double-scan is redundant; if both fire, the last verdict wins).

windows-defenderdefenderscansecurity
by recued-core pinned v1

Builds on

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Device + server Runs on your device (browser) or your server.

Data it touches

Warehousedata.file

About

Tags

pack:defender-scanwindows-defenderdefenderscansecuritymalwarereceptiond-173reactivewindows