Configuring Office 365 SharePoint Policy

Malware Policy

By default, the Office 365 SharePoint malware policy scans uploaded files for malicious content.

Supported Actions

Office 365 SharePoint malware policy supports these actions:

  • Quarantine of malware-infected files.

  • Alert owner: Sends an email notification to the user who uploaded a file that contains malicious content.

  • Alert admin(s): Sends an email notification to the admin(s) about the malicious files.

To configure a Malware policy:

  1. Access the Avanan Administrator Portal.
  2. From the left navigation panel, click Policy.
  3. Click Create New Policy Rule.
  4. From the Choose SaaS drop-down list, select Office 365 SharePoint.
  5. From the Choose Security drop-down list, select Malware and click Next.
  6. Select the desired protection mode.
    • Detect and Remediate

    • Detect

    (Optional) If required, you can change the Rule Name.

  7. In the Scope section, select the users and/or group of users for whom the policy is applicable.
    • To apply the policy to all users and groups in your organization, enable the All Users and Groups checkbox.

    • To apply the policy to specific users or groups, select the users/groups and click Add to Selected.

    • To exclude specific users or groups from the policy, select the required users/groups and click Add to Excluded.

  8. In the Blades section, select the required threat detection blades for the policy.
    Note:

    To select all the blades available for malware detection, enable the All running threat detection blades checkbox.

  9. Scroll down to the Attachments section and select the required workflow for the policy in the Suspected malware attachments workflow.
    • Quarantine. User is not alerted (admin can restore)

    • Do nothing

    Note:

    The workflows are available only when the Detect and Remediate protection mode is enabled.

  10. To quarantine malware-infected files, enable the Quarantine drive files checkbox under Alerts.
    Note:

    This option is available only in Detect and Remediate protection mode.

  11. To remove malware-infected files, enable the Remove malicious files checkbox under Alerts.
    Note:
    • If you enable the Remove malicious files checkbox, malicious files will be removed permanently, and you cannot restore them.

    • For a policy, you can only enable Quarantine drive files or Remove malicious files.

  12. Configure Alerts for the policy.

    1. To quarantine malware-infected files, enable the Quarantine malicious files checkbox in the Alerts section.

      Note:

      This option is available only in Detect and Remediate protection mode.

    2. To clean malicious files, enable the Clean Files (Threat Extraction) checkbox. See File Cleaning (Threat Extraction) for Office 365 OneDrive and Office 365 SharePoint.

      Note:

      If the Clean files (Threat Extraction) checkbox is not available in your Avanan account (tenant), contact Avanan Support.

    3. To send email alerts about malware to the file owner, enable the Alert file owner of malware checkbox.

    4. To send email alerts to admins about malware, enable the Alert admin(s) checkbox.

      To configure alerts for specific users, click Select Users next to Alert admin(s).

    5. To remove malware-infected files, enable the Remove malicious files checkbox in the Alerts section.

      Note:

      If you enable the Remove malicious files checkbox, malicious files will be removed permanently, and you cannot restore them.

    Note:
    • For a policy, you can only enable Quarantine malicious files or Remove malicious files.

    • Even when the alerts are enabled here in the policy, the administrator only receives email alerts for security events when the Receive Alerts role is enabled in the Specific Service Role. For more details about managing roles and permissions in the Check Point Portal, refer to Global Settings > Users in the Check Point Portal Administration Guide.

  13. Click Save and Apply.