Guides
Secure Access Help Center

Manage Cloud Malware Protection

Cloud Malware Protection scans your environment’s cloud platforms for malicious files and any other risks. You can enable more than one instance of a platform. For example, a school administration with an instance of Box for teachers and faculty and another for students can enable both instances, the result being complete malware protection for Box.

When you authenticate a tenant for Cloud Malware protection, the scan begins immediately and inspects new and updated files as changes occur. Additionally, one week after the tenant is authenticated Cloud Malware also initiates a retroactive scan of all existing files for the tenant going back in time as far as recorded. The time it takes to complete the retroactive scan depends on the number of files in the tenants and their size and on the API rate limit of the platform vendor.

When Cloud Malware Protection finds malicious files, the information is presented in the Cloud Malware Report. You can remediate potential risk by configuring a response action that Secure Access will automatically apply for malicious files detected within the tenant:

  • For Webex Teams you can delete the file.
  • For Dropbox, Box, Microsoft 365, and Google you can quarantine the file.
  • The quarantined file is moved into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, removes all collaborators, and changes the file owner to the platform admin.
  • A text file is left in the original location of the quarantined file with the name filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware or exposing sensitive data, and for more information to contact their organization administrator.
  • For ServiceNow you can choose to quarantine the file.
  • The file is moved into a table named Cisco_Quarantine_Malware which can be access only by the admin user who authorized the ServiceNow tenant.
  • A footprint is attached to the notes\activities area of the table the file is attached to. This footprint will notify users that the file has been identified as malware, and for more information they should contact their administrator.

Cloud Access Security Broker protection for Microsoft 365

In addition to Cloud Malware protection for OneDrive and SharePoint sites within your Microsoft 365 deployment, Secure Access supports detection of third-party cloud applications that have been granted OAuth-based permission to access a user's protected resources on Microsoft 365. For more information, see Enable Cloud Access Security Broker Protection for Microsoft 365 Tenants.

Hide Sources with De-identification < Manage Cloud Malware Protection > Enable Cloud Malware Protection

Updated 3 months ago