Manage Cloud Malware Protection

Cloud Malware Protection scans your environment’s cloud platforms for malicious files and any other risks. You can enable more than one instance of a platform. For example, a school administration with an instance of Box for teachers and faculty and another for students can enable both instances, the result being complete malware protection for Box.

When you authenticate a tenant for Cloud Malware protection, the scan begins immediately and inspects new and updated files as changes occur. Additionally, one week after the tenant is authenticated Cloud Malware also initiates a retroactive scan of all existing files for the tenant going back in time as far as recorded. The time it takes to complete the retroactive scan depends on the number of files in the tenants and their size and on the API rate limit of the platform vendor.

When Cloud Malware Protection finds malicious files, the information is presented in the Cloud Malware Report. You can remediate potential risk by configuring a response action that Umbrella will automatically apply for malicious files detected within the tenant:

  • For Webex Teams you can delete the file.
  • For Dropbox, Box, Microsoft 365, and Google you can quarantine the file.
  • The quarantined file is moved into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, removes all collaborators, and changes the file owner to the platform admin.
  • A text file is left in the original location of the quarantined file with the name filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware or exposing sensitive data, and for more information to contact their organization administrator.

Hide Sources with De-identification < Manage Cloud Malware Protection > Enable Cloud Malware Protection