Malware scanning is a security feature that scans all file attachments to tickets and blocks any that are flagged as potentially malicious. When an attachment is flagged as malware, agents are prevented from downloading the file unless an admin or agent in a custom role with permissions overrides the malware identification.
About malware scanning
Zendesk scans attachments to tickets in Support and Zendesk Suite after they are uploaded. When malware is suspected, agents can't access the attachment, and end users won't see the attachment. Attachments are also scanned in the Zendesk Support mobile app on both iOS and Android in the new agent experience.
- Help center Submit a request form
- Attachments API
- Support Mobile SDK ticket form
- Classic Web Widget ticket form
Attachments to tickets originating from standalone Chat subscriptions, social channels, social messaging channels, and Zendesk messaging aren't scanned. However, files attached by agents in the Agent Workspace to tickets originating from the following channels are scanned:
- Web Widget for messaging
- Messaging
- Zendesk Mobile SDK for Messaging
Whether agents see a notification about a blocked attachment and whether admins or agents in custom roles with permissions can override the malware designation depends on the Zendesk product, the agent interface in use, and the channel from which the attachment originated. Specifically, warning labels are only displayed on potentially malicious attachments if email attachments are turned on for the account and agents are working in Support on the desktop or mobile app.
In Support on the desktop:
In the Support mobile app:
If malware is detected in attachments to tickets created with the Submit a request link in the help center, the attachments are hidden from end users.
Reviewing potential malware attachments
Malicious attachments to tickets and conversations in Support and Zendesk Suite are inaccessible to agents, but admins and agents in custom roles with permissions can download the flagged attachments and decide whether to allow agents to access them or keep them restricted. Consult your company's security policy before downloading or taking action on malicious attachments.
- In a ticket, click the download icon (
) on the potentially malicious attachment and then click Proceed in the confirmation dialog to download the attachment.
- After reviewing the potentially malicious attachment, under the attachment in the ticket click Allow access.
- If you want to re-enable agent restrictions to a potentially malicious attachment, under the attachment in the ticket click Restrict access.
30 comments
Pat
Love it!
Can we pls participate in the limited release program with smcglobal.zendesk.com?
0
Chika Chima
Hi Pat !
I just replied to your ticket.
0
Gaurav Arora
hey Chika Chima when will malware scanning be available to all users? is there a way we can enable this for our account?
0
Chika Chima
Gaurav Garg Thanks for the comment!
We are slated to release Malware scanning to all in June 2022. There will be an announcement as we get closer to the release date.
0
Rafael Santos
Hi Chika Chima, will we have an API endpoint to restrict agent access to attachments?
Something similar to the Redaction endpoint
Additionally, how are these automatic attachment restrictions described in the ticket events? Will we be able to audit when/how those were interacted with?
0
Megumi Nakamura
Hi Chika Chima, do we need any settings to use this feature?
I tried to check the detection working by using EICAR Anti-Virus Test File, but nothing happened.
0
Chika Chima
Hello All!
Update on the Malware Scanning feature. We are making headway to have a general availability to all customers at towards the end of June 2022. This feature will automatically be turned on for our customers. A help center announcement will be made once we have this feature turned on.
This release of Malware scanning will not have an API endpoint. Please continue to use the redaction app. Also in the audit logs, there will be events created when an Admin overrides.
1
CJ Johnson
Chika Chima Now that this is rolled out to all users, I have the same question as Megumi, I seem to be able to attach the eicar test file in Zendesk just fine, but gmail immediately detects and says it's a virus. Is there a setting we need to turn on? I can't seem to get Zendesk to detect anything as a virus that I try. Does malware scanning not check the agent side of attachments? Do I need to send the eicar file as an end-user?
Edit: I also confirmed that I was able to send virus laden files via chat.
0
Chika Chima
CJ Johnson
Thanks for reaching out!
As referenced on the announcement rollout to all 100% customers will end by July 14th. So therefore, you may not have this feature just yet.
-1
David Oegren
Sadly we already have this feature activated, and it is already impacting our daily business. We as an email security provider get emails/tickets with possible malicious content attached on a daily basis. We can not have admins work through those tickets every hour. Also, it is out of the question to promote every agent to admin just to be able to handle those kinds of tickets. We need a workaround please.
Is it possible to address this issue via API? We could build ourselves a script automatically releasing affected emails. Or can we build some special role which we can give to our agents without granting them full admin? Please advise.
1
Rakhesh Mohan
Hi Team
Can you please provide a malicious test file for our QA related to Zenbox API's. Would like to check the E2E flow via the API's as well as from client side
2
CJ Johnson
Chika Chima Could you explain how we can check to see if this active? I can count four other people asking for this in this thread, and I'm still unable to see it and able to upload malicious files. How can we test this to see if it's actually turned on? How can we report to you when it seems to allow malicious attachments?
0
Chika Chima
Hi Everyone,
The Malware scanning feature has officially completed the automatic rollout July 14, 2022 to all Zendesk customers. Meaning, there is no additional settings or controls that needs to happen on your accounts!
As mentioned in the article, warning designations will show on the ticket UI if the scanners deemed the file attachment malicious. As well which channels the scanning is taking place for this first release.
In regards to testing the feature with purposely sending malicious files, we recommend to reach out to your respective security organizations for such requests.
We will appreciate feedback in this forum and we will announce how to signup for feedback calls about this new feature
-1
Chika Chima
Hello! As promised this is a calendly link to sign up to hear more about your feedback on this feature!
-1
Ani Samajpati
Is there a way to check in the Zendesk ticket if the attachments were scanned?
0
Jupete Manitas
This malware scanning functionality is in the background and will scan tickets automatically. At the moment, there is no way yet to check in the zendesk ticket if it was scanned. However, this can be a good feature. You can submit this as product feedback and be included in the ticket events or in the UI. Thank you!
0
jim lehman
When malware is found, are there any logs we can read?
0
Ronie Ranoy
Unfortunately there is no feature of logs when a malware is found. Would you mind posting your use case to our Feedback on Support topic? We have a template you can copy and use in your post. This is to help get more visibility and votes on the idea. Then, others can share their use cases to further drive demand for that feature. Thanks!
0
Ashley M
We need a tag adding to the ticket when Malware is found, that will allow us to create our own flows.
0
Hannah Lucid
Hello,
How does Zendesk determine what is marked as potential malware and not?
0
Chika Chima
Hi Hannah, thanks for reaching out
Zendesk takes security very seriously, which is why we partnered with a leading malware detection company to protect our customers. The malware scanning service is an in-depth defense mechanism that detects potentially malicious files uploaded to all Zendesk accounts as file attachments in the Support product.
This feature scans all files and does its best to determine how safe a file is; however, no scanner is 100% accurate.
0
Hannah Lucid
Hi Chika Chima thank you for this information! What are the checkpoints that this features looks for to make a determination on how safe a file is? I just want to better understand this feature. :)
0
Mike DR
For more details on this, I would suggest posting in our Developer community in order for our Dev team to provide a detailed answer about your inquiry: Developer community
I also checked our Dev docs but doesn't provide the specifics here
0
bill cicchetti
Hi, Is there any additional security features on the roadmap regarding scanning for malicious attachments?
0
Caroline Scott
Some of our own attachments that we send to customers are being flagged as malware. How can we know why it has been flagged?
0
Holly
Jacquelyn Brewer
This has been flagging a lot more (also seems to be a problem with Carollne Scott above too). Were there any recent changes in how Zendesk scans Malware? It's flagging innocuous documents.
0
Caroline Scott
The issue we had was with attachments with a docx. file type. When I changed them to a doc. file type instead they were fine
0
Chika Chima
Hi Everyone,
As part of our commitment to continuously improving the security of your accounts, we collaborated with our third-party cybersecurity partner to enhance the MSS feature. However, we have noticed that these adjustments led to an overly sensitive scanning process. To minimize any disruption to your workflows, we have decided to revert back.
Thank you for your understanding
0
Holly
Hi Chika Chima
Thank you! It looks like we still have ours being flagged though. Has it been reverted in all pods?
0
bill cicchetti
Our support team is also still seeing this message
0