Manage Cloud Malware Protection

Cloud Malware Protection scans your environment’s cloud platforms for malicious files and any other risks. You can enable more than one instance of a platform. For example, a school administration with an instance of Box for teachers and faculty and another for students can enable both instances, the result being complete malware protection for Box.

When Cloud Malware Protection finds malicious files, the information is presented in the Cloud Malware Report. You can remediate potential risk by configuring a response action that Umbrella will automatically apply for malicious files detected within the tenant:

  • For Webex Teams you can delete the file.
  • For Dropbox, Box, Microsoft 365, and Google you can quarantine the file.
  • The quarantined file is moved into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, removes all collaborators, and changes the file owner to the platform admin.
  • A text file is left in the original location of the quarantined file with the name filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware or exposing sensitive data, and for more information to contact their organization administrator.

You can configure each Cloud Malware instance to automatically apply a response action to malicious files when they are detected, or you can manually trigger a response action from the Cloud Malware report. For more information, see Use the Cloud Malware Report.

Enable SSO with Other IDPs < Manage Cloud Malware Protection > Enable Cloud Malware Protection