5 min. Read

Azure File Sync can help you centralize your files in Azure and then install a synchronization agent on Windows Server, whether local or Azure (IaaS VM), to provide fast local access to your files. Your servers and Azure files are constantly in sync, so you have one centralized location for your files with access to multiple sites, which works with a fast local cache and cloud ladder.

cloud step function allows frequently used files to be cached locally so that all file content is on the server, while less frequently used files are staggered to the cloud. Staggered files (AFS restore points) are retrieved when needed when a user or application accesses it on a local server.

Learn more about Azure File Sync check out my previous articles here.

From Azure File Sync version 4.0 and later, Microsoft added a new secure Windows attribute to all tiered files known as (FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS).

This new feature enhances antivirus and backup products that would otherwise download cold files wasted from the cloud. Because antivirus scans for files from known malware, an antivirus / backup product can cause tiered file recovery, which incurs additional costs. So it is recommended that you contact your software vendor to learn how to configure their solution to bypass reading files with this set of attributes (many do it automatically). Microsoft’s internal antivirus solutions, such as Windows Defender and System Center Endpoint Protection (SCEP), both automatically bypass reading files that contain this configuration.

The good news is that Microsoft has just released a new lightweight test suite to help identify potential interoperability issues between Azure File Sync and antivirus solutions. This test suite primarily helps identify staggered file numbers caused by AV that are likely to be avoided to prevent unexpected data leakage from the cloud. The decision to scan / read a staggered file or not will ultimately be part of the AV software.

In this blog post, I’ll show you how to install a new one Azure File Sync (AFS) Antivirus Compatibility Suite, so you can test all Azure File Sync functionality and validate your anti-virus behavior with a comprehensive set of tests, and then produce user-friendly test results.

Azure File Sync (AFS) Antivirus Compatibility Test Suite has been developed as a separate product. It does not require an Azure File Share or Azure subscription with the recording synchronization settings to run the tests. Better yet, it doesn’t even need an agent installed. All file system interactions that are critical to AFS are implemented through tests.

The filter listener in the AFS AV test package mocks FileSyncSvc.exe implementation. If the antivirus product calls the tiered files incorrectly — for example, during a regularly scheduled scan — the listener of the filter detects that an incoming read request was not ‘expected’, so the test fails. Based on the test results, antivirus vendors can make appropriate changes to the behavior of their product with Azure File Sync.

Azure File Sync (AFS) Antivirus Compatibility Test Suite can be downloaded from.

When the installation is complete .ZIP code file is downloaded, you can extract it to your file server, such as D: AFS-AV-Test

Introducing Azure File Sync Antivirus Compatibility Test Suite 2

Note that the AV Test Pack can be installed on Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019.

Next, download and install Windows Driver Kit (WDK) from the following location.

Introducing Azure File Sync Antivirus Compatibility Test Suite 3

Once the WDK is installed, Test Writing and Performance Framework (TAEF) can be found in the WDK installation path C: Program Files (x86) Windows Kits 10 Testing Runtimes TAEF. Please note TE.exe command, we will use it in the next section.

Introducing Azure File Sync Antivirus Compatibility Test Suite 4

Return to the disassembled location and install StorageSync.sys Filter, you need to right-click StorageSync.inf file and select Install.

Introducing Azure File Sync Antivirus Compatibility Test Suite 5

To ensure that the filter is installed and loaded correctly, you must run a Windows command prompt and run the following command: fltmc. If you don’t see StorageSync filter and try to load it with this command: fltmc download StorageSync

Introducing Azure File Sync Antivirus Compatibility Test Suite 6

Now you need to configure AV background scan, open runbackgroundscan.cmd in the same folder and edit this file to run the command needed to perform a background scan. In this example, I use Windows Defender as an antivirus, % 1 is the scan path that we specify when we run the test package in the next section. If your AV product does not support starting a background scan in this way, you will need to perform this test manually.

Introducing Azure File Sync Antivirus Compatibility Test Suite 7

Open a command prompt (cmd.exe) in elevated mode and switch to mode C: Program Files (x86) Windows Kits 10 Testing Runtimes TAEF and then run the following command:

te.exe "D:AFS-AV-TestAVCompatTestSuite.dll" /p:TargetDirectory=D:Backup /p:OperationDelaySeconds=10 > output.txt

Introducing Azure File Sync Antivirus Compatibility Test Suite 8

Note that the destination directory should be non-system (C 🙂 quantity. OperationDelaySeconds is the rest time between critical test functions so that it gives the AV time to do its job. The delay is applied after the files are created, the files are staggered, and the test operations are performed, and before the test is validated.

output.txt the file test result is saved in the same folder: C: Program Files (x86) Windows Kits 10 Testing Runtimes TAEF

This file contains all the tests performed by the test package. Check the granular test Readme.pdf File included with the AV test package.

If you open output.txt file, you will see a list of all tests as well as a summary of AVCompatTest. Note that the terms “staged file” and “ghost file” are synonymous, so Microsoft used the term “ghosted” in the test names. As you can see from the following example, none of the test Failed = 0, Windows Defender AV is therefore fully compatible with Azure File Sync.

Introducing Azure File Sync Antivirus Compatibility Test Suite 9

A detailed description of each test performed as part of this kit, as well as what to do if it fails. Check Readme.pdf Document included with the AV test package.

Azure File Sync Antivirus Compatibility Test Suite includes two components:

  • StorageSync.sys: Azure File Sync file system filter responsible for inserting files into Azure Files (when cloud separation is enabled).
  • AVCompatTestSuite.dll: Defines a comprehensive list of tests performed using the TAEF framework and produces easy-to-understand results.

Test package to use Test Writing and Performance Framework (TAEF) which is publicly available as part of Windows Driver Kit (WDK) or separate installation.

The AV test confirms that the background scan behaves properly with the placeholders. It is intended to simulate a scheduled AV scan of a user’s file system. In particular, the following rules must be followed for background scanning:

  • Dried placemarks are not scanned, so they are not hydrated.
  • The liquefied files are checked. This is confirmed by monitoring the file usage time during the scan.

This test requires changes runbackgroundscan.cmd to work for the AV product being tested. Make sure you update it according to your AV product. This test will fail if any of the above conditions are not met.

Azure File Sync extends local file servers to Azure while providing cloud benefits while maintaining performance and compatibility. Azure File Sync offers:

  • Multi-site access – grant write access to the same data through Windows servers and Azure Files.
  • Cloud Stairs – Store only recently used data on local servers.
  • Integrated with Azure backup – you don’t have to back up your data on site.
  • Quick Emergency Recovery – recover file metadata immediately and retrieve the data as needed.

We hope you find this guide useful. For more information on Azure File Sync, check the following guides.

__
Thanks for locking my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

LEAVE A REPLY

Please enter your comment!
Please enter your name here