Hello Ed Russell,
Thank you for posting your query here!
Microsoft Defender for Storage uses hash reputation analysis to determine whether an uploaded file is suspicious. The threat protection tools don't scan the uploaded files; rather they analyze the telemetry generated from the Blobs Storage and Files services. Defender for Storage then compares the hashes of newly uploaded files with hashes of known viruses, trojans, spyware, and ransomware.
However, hash reputation analysis isn't supported for all file protocols and operation types. Some, but not all, of the telemetry logs contain the hash value of the related blob or file. In some cases, the telemetry doesn't contain a hash value. As a result, some operations can't be monitored for known malware uploads. Examples of such unsupported use cases include SMB file shares and when a blob is created using Put Block and Put Block List. Every file type is scanned (including archives like zip files) and a result is returned for every scan. The file size limit is 2 GB.
However, Malware Scanning has some limitations, which are listed here: https://video2.skills-academy.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan#limitations
You can check if your file has any of these limitations.
Alternatively, you can use Azure Logic Apps for handling malware scan results and copying the blob to another storage account. Logic Apps provide a simple, no-code approach to setting up a response, although the response time might be slower than the event-driven code-based approach. Please see "Option 1: Logic App based on Microsoft Defender for Cloud security alerts" for steps on configuring this; the default is delete, but you can modify it to move the blob.
Reference - https://video2.skills-academy.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan
Do let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
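
The event-driven, code-based alternative to the Logic App mentioned in the answer above, as an added example that is not part of the original answer and is not Microsoft's code: it turns one scan-result event into a move, no-op, or hold decision without calling Azure. The field names (`scanResultType`, `blobUri`, `eTag`), the verdict strings, the account names and the sample event are assumptions to check against the reference documentation.

```python
from urllib.parse import urlparse, unquote

# Assumed verdict strings; confirm against the Malware Scanning documentation.
CLEAN = "No threats found"
MALICIOUS = "Malicious"

def parse_blob_uri(blob_uri):
    """Split https://<account>.blob.core.windows.net/<container>/<blob> into parts."""
    parsed = urlparse(blob_uri)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("unexpected blob URI: %r" % blob_uri)
    container, _, blob = parsed.path.lstrip("/").partition("/")
    if not container or not blob:
        raise ValueError("URI has no container/blob path: %r" % blob_uri)
    return parsed.hostname.split(".")[0], container, unquote(blob)

def plan_response(event, quarantine_account, quarantine_container="quarantine"):
    """Return the action a handler should take for one scan-result event."""
    data = event.get("data") or {}
    verdict = data.get("scanResultType")
    account, container, blob = parse_blob_uri(data.get("blobUri", ""))
    source = {"account": account, "container": container, "blob": blob}
    if verdict == CLEAN:
        return {"action": "none", "source": source}
    if verdict == MALICIOUS:
        return {
            "action": "move",  # copy to quarantine, then delete the source
            "source": source,
            # Keep the origin in the name so equal blob names do not collide.
            "destination": {"account": quarantine_account,
                            "container": quarantine_container,
                            "blob": f"{account}/{container}/{blob}"},
            # Act only if the blob is still the version that was scanned.
            "if_match": data.get("eTag"),
        }
    # Missing or unknown verdict (for example when a limitation prevented
    # the scan): fail closed and hold for review, never treat it as clean.
    return {"action": "hold_for_review", "source": source, "verdict": verdict}

# Constructed sample event, not captured from a real storage account.
SAMPLE_EVENT = {"data": {
    "blobUri": "https://uploadsexample.blob.core.windows.net/incoming/reports/q3%20summary.zip",
    "eTag": "0x8DEXAMPLE",
    "scanResultType": "Malicious",
}}

if __name__ == "__main__":
    print(plan_response(SAMPLE_EVENT, "quarantineexample"))
```

The returned plan is what a handler would pass to its storage client; the `if_match` value lets the copy and delete be conditional on the scanned version of the blob.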