I was looking into the Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams described in this article: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/virus-detection-in-spo?v... and did some testings.

The artice says:

"The Microsoft 365 virus detection engine scans files asynchronously (at some time after upload). If a file has not yet been scanned by the asynchronous virus detection process, and a user tries to download the file from the browser or from Teams, a scan on download is triggered by SharePoint before the download is allowed."

...however what I've seen ist that this only works if a user tryed to download a single File.

If you select multiple files to download, they are compressed and downloaded without any virus scanning from Microsoft 365 Defender for Office and infected files do not get flagged as such. Only after some time when the asynchron AV scan was running. 

The next thing noticed is, that also the files downloaded by the OneDrive Client from Sharepoint Online or OneDrive for synchronization are also not scanned when the download happens.

Of course the local AntiVirus client should detect and remove infected files that are synced from Sharepoint Online or OneDrive, however if there is any problem with the local AntiVirus client,

I think this provides a vector for compromise.

Has anyone noticed this behavior and found a solution? Maybe I'm just missing an option/setting/feature to address this.

Would be nice if not only single but also multiple files downloaded from Sharepoint Online/ OneDrive could be scanned for malware by Microsoft 365 Defender for Office

and if OneDrive syncronization could be delayed for files that weren't scanned by the asyncron Microsoft 365 Defender for Office malware scan.