Guides
ProductDeveloperPartnerPersonal
Guides

Enable Cloud Malware Protection for Box Tenants

Umbrella supports Cloud Malware protection for all files within your Box deployment.

Table of Contents

Prerequisites

  • The person performing the installation must be a Box Admin (not Co-Admin)
  • Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization)
  • Published and unpublished applications must be enabled in the Box Admin Console (see Verify Box Application Settings.

Limitations

  • A tenant that fails to authenticate cannot be deleted.
  • Umbrella attempts to quarantine a file will fail if actions on the file have been blocked by settings in Box Shield policies. In such a case, the block placed by Box takes precedence over Umbrella’s ability to detect or remediate DLP violations or malware.

Verify Box Application Settings

  1. Log into the Box Admin Console.
  2. Navigate to Settings (the Gear icon) > Enterprise Settings > Apps.
  3. In the Global App Settings section:
  • Do not check: Disable published third party apps by default.
  • Check: Require web app integrations to use secure connections (SSL).
  1. Click Save.

Authorize a Tenant

  1. Navigate to Admin > Authentication.
  2. In the Platforms section, click to expand Box.
  1. In the Cloud Malware section, click Authorize New Tenant to add a Box tenant to your Umbrella environment.
  2. In the Box Authorization dialog box, check the checkbox to verify you meet the prerequisites and then click Next.
  1. Add a Tenant Name and then click Next.
  1. Select a Response Action for Umbrella to apply to Box files found with malware and then click Next.
  • Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
  • Choose Quarantine to:
  • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Box admin.
  • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  1. Click Next to be redirected to the Box login page.
  1. Log in to Box with admin credentials to grant access.
924

You are redirected to Umbrella and a message appears showing the integration was successful. It may be up to 24 hours for the integration to be confirmed and appear as Authorized.

  1. Click Done to complete.

Edit a Tenant

You can change the Response Action you have selected for a tenant.

  1. Navigate to Admin > Authentication.
  2. In the Platforms section, click Box.
  3. In the Cloud Malware section , from the Edit column, click Edit. You can edit any tenant.
  1. Select a Response Action for Umbrella to apply to Box files found with malware and then click Next.
    • Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
    • Choose Quarantine to:
    • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Box admin.
    • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  2. Click Next.

The new Response Action is displayed.

Revoke Authorization

  1. From the Action column, click Revoke. You can revoke any authorized tenant.
  1. Click Revoke. The selected account is no longer authorized.

Enable Cloud Malware Protection for Azure Tenants< Enable Cloud Malware Protection for Box Tenants > Enable Cloud Malware Protection for Dropbox Tenants