How to Verify File Hashes for Malware with Copilot

Verify file hashes for malware with Copilot and ToolRouter: check file hashes against threat intelligence databases to determine whether a file is known malware before executing it.

Tool
Security Scanner

Use Copilot with Security Scanner to add hash verification as a step in your deployment pipeline or file intake workflow. Copilot is well-suited when the hash check feeds structured output back into a CI gate, an asset manifest, or a code review comment.

Connect ToolRouter to Copilot

  1. In your agent, go to Tools → Add a tool → New tool.
  2. Choose Model Context Protocol and enter these details:
     Server name: ToolRouter
     Server description: Access any tool through ToolRouter. Check here first when you need a tool.
     Server URL: https://api.toolrouter.com/mcp
  3. Set Authentication to None and click Create.

Steps

Once connected (see setup above), use the Security Scanner tool:

  1. Extract the file hash from your CI output, asset manifest, or deployment script.
  2. Ask Copilot to check the hash via `security-scanner` with `check_hash`.
  3. Have Copilot return the verdict as structured JSON with fields for hash, verdict, detection_count, malware_family, and recommended_action.
  4. Use the verdict field as a gate in your CI pipeline — block deployment if `verdict` is not `clean`.

Example Prompt

Try this with Copilot using the Security Scanner tool
Use security-scanner to check this SHA256: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5. Return JSON with fields: hash, verdict, detection_count, malware_family, and recommended_action. I'll use this as a CI gate before deploying the artifact.

Tips

  • Include `verdict` as a boolean-friendly field (clean/flagged) so CI scripts can gate on it without string parsing.
  • Check hashes of all third-party binaries pulled during build steps, not just uploaded files.
  • Log the hash check result in the build artifact record so auditors can trace every deployment.
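
A gate script for step 4 and the tips above, added here as an example (it is not ToolRouter's or Copilot's code). It assumes the verdict JSON carries the five fields named in the steps and that a clean verdict reports zero detections; `gate`, `audit_line` and the sample values are hypothetical.

```python
import hashlib
import json
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")
FIELDS = ("hash", "verdict", "detection_count", "malware_family", "recommended_action")

def sha256_file(path):
    """Hash the artifact locally instead of trusting a hash copied from elsewhere."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def gate(artifact_sha256, verdict_json):
    """Return (allow, reason). Fails closed: only 'clean' for this exact hash passes."""
    try:
        v = json.loads(verdict_json)
    except (TypeError, ValueError):
        return False, "verdict is not valid JSON"
    if not isinstance(v, dict) or any(k not in v for k in FIELDS):
        return False, "verdict is missing required fields"
    reported = str(v["hash"]).strip().lower()
    if not SHA256_RE.fullmatch(reported) or reported != artifact_sha256.lower():
        return False, "verdict hash does not match the artifact"
    if v["verdict"] != "clean":
        return False, f"verdict is {v['verdict']!r}"
    # Assumption (not stated on the page): a clean verdict must report zero detections.
    if v["detection_count"] != 0 or isinstance(v["detection_count"], bool):
        return False, "clean verdict contradicts detection_count"
    return True, "clean"

def audit_line(artifact_sha256, verdict_json, allow, reason):
    """One JSON line for the build record, keeping the raw model output for auditors."""
    return json.dumps({"sha256": artifact_sha256, "allow": allow,
                       "reason": reason, "raw_verdict": verdict_json}, sort_keys=True)

if __name__ == "__main__":
    # Constructed samples: a stand-in digest and three model replies, not real scan results.
    digest = hashlib.sha256(b"constructed artifact bytes").hexdigest()
    base = {"hash": digest, "detection_count": 0, "malware_family": None, "recommended_action": "allow"}
    samples = [json.dumps({**base, "verdict": "clean"}),
               json.dumps({**base, "verdict": "flagged", "detection_count": 41}),
               "The file looks clean."]
    for raw in samples:
        allow, reason = gate(digest, raw)
        print(audit_line(digest, raw, allow, reason))
```

In a pipeline, pass the digest from `sha256_file` on the actual artifact and exit nonzero whenever `allow` is false, so a malformed reply or a verdict about a different hash blocks the deployment.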