Forum Discussion
Azure Site Recovery cache storage identified with malware
Hello,
I have enabled Azure Site Recovery on multiple servers. I am using a premium storage account for the cache data required for the replication.
Defender keeps being triggered, reporting that it is detecting different malware in temporary files that are generated on the cache storage account by the replication.
The servers that get replicated do not detect any malware on them.
What is the reason and what is the solution?
Is this a normal behaviour?
Thank you
1 Reply
- PerparimLabs (Copper Contributor)
Hi Adrian,
This can happen in Azure Site Recovery because during replication, temporary files are created in the cache storage account. Microsoft Defender may flag these temp files with signatures resembling malware—even when the source servers are clean.
Here are a few things to check:
- Confirm your source servers are clean (sounds like you already did).
- Review the Defender alerts—these are often false positives triggered by replication artifacts.
- If confirmed safe, consider adding exclusions for the cache storage path.
- You can also open a Microsoft Support case to validate the signatures and rule out edge cases.
It’s not uncommon to see this behavior in replication scenarios, but it’s always best to validate if the detections persist—especially in production environments.
Hope that helps!