Malware scanning in Business Central 21
Potential security risk
IT security is a high priority for all Microsoft applications, and although IT security is often an area that can seem both complicated and technical, it is also an area that should be a high priority in your implementation practice, also when it applies to Dynamics 365 Business Central.
One of the potential security holes in Business Central until now was the attachment feature. Without special tools, there is a risk that a Business Central user could accidentally attach a malicious file to a document from their local computer, send the document to another user, who opens the document and causes great damage to his machine (and perhaps even on the local network) if some form of protection, such as an antivirus program, is not activated and intercepts the malicious file.
Business Central: EnableMalwareScanning
To address the risk of this security hole in Business Central, with release wave 2 in 2022, Microsoft has implemented a new hidden feature that, despite not being talked about as much, is still an important security feature to be aware of.
Business Central online
Any file uploaded to the Business Central online environment, either via web client or via OData, is now first scanned with Windows Defender and a file is only accepted if it is considered safe.
Business Central on-premise
In the on-premise version of Business Central, you also have the opportunity to activate this function. Starting with Business Central 21 (2022 release wave 2), you have a new setting on your server server called EnableMalwareScanning. By default, this option is set to not enabled
As this option requires Windows Defender to be installed and enabled on the server, it is not enabled by default, but if your Windows Defender is active, simply enable the option and your files will be scanned before uploading to Business Central. If you want to improve the security of your on-premise ERP installation, we suggest that you activate this option.
What is malware?
Malware is a combination of the two English words 'malicious' and 'software', which means malicious software.