Top
Login
Contents x
Whatfix Store: Our recommended choice to host Whatfix extensions
  • 26 Mar 2025
  • 2 Minutes To Read
  • Print
  • Dark
    Light
  • PDF
Contents

Whatfix Store: Our recommended choice to host Whatfix extensions

  • Updated On 26 Mar 2025
  • 2 Minutes To Read
  • Print
  • Dark
    Light
  • PDF
Article summary

At Whatfix, security is an important aspect. We often compare Whatfix Store's security practices to the rigorous checks performed by the Chrome Store. Hosting the Whatfix extension directly on the Whatfix store ensures that feature updates, bug fixes, and security patches are available significantly sooner than other extension stores.

Whatfix adheres to the following practices to ensure Whatfix store’s security posture is consistent with Chrome store:

  • Whatfix is MV3 compliant.

  • Whatfix performs on-upload malware scanning.

To ensure the security of extensions downloaded from the Whatfix Store and other files served from the Whatfix Content Delivery Network (CDN), we've integrated Microsoft Defender for Storage.

What is on-upload malware scanning?

Microsoft Defender for Storage utilizes a crucial security mechanism: on-upload malware scanning. A process, mirroring its functionality within Azure Storage, involves a real-time, deep scan of every file as it is uploaded to the Whatfix store. This immediate analysis prevents potentially malicious files from ever residing in our storage infrastructure, effectively blocking threats at the point of entry.

For example, when Whatfix uploads a new extension to the Whatfix Store, Microsoft Defender for Storage immediately activates, analyzing the file's contents for known and unknown malware signatures and suspicious patterns.

Microsoft Defender for Storage integration provides the following key security enhancements through real-time malware scanning:

  • Scalable Deployment: Streamlined configuration enables rapid and wide-scale deployment across storage accounts, simplifying security management.

  • Advanced Malware Detection: Robust detection capabilities identify metamorphic and polymorphic malware variants, effectively mitigating sophisticated threats.

  • Granular Storage Security: In-depth control and protection policies can be implemented across individual storage accounts, enabling tailored security postures.

  • Quick Incident Response: Configurable workflows and seamless Security Information and Event Management (SIEM) integration facilitate rapid threat detection and response, minimizing potential impact.

How does Whatfix respond when an incident occurs?

The following section highlights the different procedures in place to detect, alert and quarantine any malware detected during file upload:

On-Upload Scanning

Every time a file is uploaded to the Azure Blob storage, or if there's any mutation of existing files, a scan is triggered. This includes checks for both polymorphic and metamorphic malware.

Event Generation

Each scan generates an event. If malware is detected or if the scan is unsuccessful, this event is sent to Whatfix's Security Incident and Event Monitoring (SIEM) tool.

Actions Taken Upon Detection

The SIEM tool is configured to trigger alerts to the Site Reliability Engineering (SRE) team whenever a malware detection event occurs.

Quarantine Procedure

An Azure function is in place to automatically quarantine any file that fails the scan.

The file is removed from the Azure Blob and placed into a private container, ensuring it is not accessible to customers or the application.

Notification Process

Internal Notification:

The internal team receives alerts from the SIEM tool about any detected malware.

Customer Notification:

If Whatfix detects an issue when an extension is uploaded, based on the frequency and clause agreed on the contract, an email notification is sent informing you about any problems.

Security Measures

Compliance with MV3 Guidelines:

The Whatfix extension is compliant with MV3 guidelines, ensuring it does not fetch or execute remote scripts.

Content Handling:

When generating an extension, Whatfix does not take any files from the end user machine. The process involves API calls to the backend, which uses pre-existing content from the database.

Potential Scenarios

What happens if malware is uploaded through the extension?

If malware is detected in an uploaded extension, it is quarantined and based on the frequency and clause agreed on the contract, you receive an email notification.

What happens if a user tries to upload the extension from a compromised machine?

The system is designed to prevent compromised machines from uploading malicious content by not directly using files from the local machine.

For more information, refer to Microsoft's On-upload malware scanning.

Was this article helpful?
What's Next
Privacy Policy | Whatfix Glossary | Whatfix Platform Status
Copyright © 2024 WHATFIX TM. All rights reserved.
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout