Managing malicious attachments

All Suites

Team, Growth, Professional, Enterprise, or Enterprise Plus

Support

Team, Professional, or Enterprise

Summary: ◀▼

Malware scanning checks all ticket and messaging attachments for threats, blocking flagged files from agents and end users. Admins or authorized agents can review and override restrictions on suspicious attachments. Agents' attachments are also scanned before sending, preventing submission if malware is detected. This feature helps maintain security by controlling access to potentially harmful files in support interactions.

Malware scanning is a security feature that scans all file attachments to tickets and messaging conversations and blocks any that are flagged as potentially malicious. In Agent Workspace, attachments from end users are scanned and, if flagged as malware, agents are prevented from downloading the file unless an admin or agent in a custom role with permissions overrides the malware identification. Additionally, in messaging channels, attachments from agents are scanned as well, and agents are prevented from submitting their comment until the file is removed or replaced.

This article includes the following topics:

About malware scanning
Reviewing potential malware attachments from end users
Reviewing potential malware attachments from agents

About malware scanning

Zendesk scans attachments to tickets and messaging conversations after they are uploaded by the end user. When malware is suspected, agents can't access the attachment, and end users won't see the attachment. Attachments are also scanned in the Zendesk Support mobile app on both iOS and Android.

Whether agents see a notification about a blocked attachment and whether admins or agents in custom roles with permissions can override the malware designation depends on the Zendesk product, the agent interface in use, and the channel from which the attachment originated. Specifically, warning labels are only displayed on potentially malicious attachments if email attachments are turned on for the account and agents are working in Agent Workspace or the Zendesk Support mobile app.

In Agent Workspace:

In the Support mobile app:

If malware is detected in attachments to tickets created with the Submit a request link in the help center, the attachments are hidden from end users.

Reviewing potential malware attachments from end users

Malicious attachments to tickets and conversations are inaccessible to agents, but admins and agents in custom roles with permissions can download the flagged attachments and decide whether to allow agents to access them or keep them restricted. Consult your company's security policy before downloading or taking action on malicious attachments.

To view a potential malware attachment

In a ticket, click the download icon () on the potentially malicious attachment and then click Proceed in the confirmation dialog to download the attachment.

To permit agents to access a flagged attachment

After reviewing the potentially malicious attachment, under the attachment in the ticket click Allow access.

To restrict agent access to a flagged attachment

If you want to re-enable agent restrictions to a potentially malicious attachment, under the attachment in the ticket click Restrict access.

Reviewing potential malware attachments from agents

When an agent attaches a file to a response in Agent Workspace, it is scanned for potential malware as well.

An agent or admin will know their attachment is being scanned when:

A scanning progress bar appears at the bottom of the composer.
During the scan, the Send button is greyed out and unresponsive to agents.

If the attachment is found to be malicious:

An attachment failure message appears at the top of the workspace.

The Send button remains unresponsive until the attachment is removed from the composer. The agent can upload a different attachment and try again.

If the attachment is deemed safe:

The attachment is displayed in the composer.
The Send button is responsive, and the agent can submit their message to the conversation.