Enable Cloud Malware Protection for Google Drive

Table of Contents

Prerequisites

  • Full Admin user role. For more information, see Manage Accounts.
  • The person performing the authentication must be a Google Super Admin and have an active Google user license.
  • Chrome or Firefox is recommended with pop-up blockers/ad blockers disabled (only for the duration of authorization).
  • Secure Access DLP Connector (also known as the SaaS API Connector) must be installed in the tenant by a Google Admin User. We recommend using a service account for the installation.

Limitation

  • A tenant that fails to authenticate cannot be deleted.

Authorize a Tenant

  1. Navigate to Admin > Authentication.
  1. Under Platforms, click to expand Google.
  1. Under Cloud Malware click Authorize New Tenant to add a Google tenant to your Umbrella environment.
  1. In the Google Authorization dialog box, check the checkbox to verify you meet the prerequisite, then click Next.
    Note: The link to the SaaS API Connector brings you to the Secure Access DLP Connector site in the Google Workspace Marketplace. This is correct, despite the nomenclature difference.
  1. Provide a name for your tenant, then click Next.
  1. Select a Response Action for Secure Access to apply to Google files found with malware, then click Next.
  • Choose Monitor to cause Secure Access to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
  • Choose Quarantine to:
    • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
    • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  1. Enter a valid gmail address and then click Done.
  1. The new tenant will appear in the list under Cloud Malware.

Edit a Tenant

You can change the Response Action you have selected for a tenant.

  1. Navigate to Admin > Authentication.
  1. Under Platforms, click Google.
  2. In the Cloud Malware section , under Action, click Edit. You can edit any tenant.
  1. Select a Response Action for Secure Access to apply to Google files found with malware, then click Next.
  • Choose Monitor to enable the logging of malware-infected files. You will be able to manually quarantine these files from the Cloud Malware report.
  • Choose Quarantine to:
    • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
    • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  1. Click Done to continue.
  1. The new Response Action is displayed.

Revoke Authorization

  1. Under Action, click Revoke. You can revoke any authorized tenant.
  1. Confirm to proceed. The selected tenant will no longer be authorized.

Enable Cloud Malware Protection for Webex Teams Tenants < Enable Cloud Malware Protection for Google Drive > Monitor Secure Access with Reports