English (US)
  1. Zendesk help
  2. Admin Center
  3. Using Admin Center
  4. Managing global security and user access

Managing malicious attachments

Jacquelyn Brewer
  • Edited
Zendesk Documentation Team

Suite all Support all

Malware scanning is a security feature that scans all file attachments to tickets and blocks any that are flagged as potentially malicious. When an attachment is flagged as malware, agents are prevented from downloading the file unless an admin overrides the malware identification.

This article includes the following topics:

About malware scanning

Zendesk scans attachments to tickets in Support and Zendesk Suite after they are uploaded. When malware is suspected, agents are unable to access the attachment and end users won't see the attachment.

Attachments to tickets received from the following channels are scanned:
  • Email
  • Help center Submit a request form
  • Attachments API
  • Support Mobile SDK ticket form
  • Classic Web Widget ticket form

Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned. However, files attached by agents in the Agent Workspace to tickets originating from the following channels are scanned:

  • Web Widget for Messaging
  • Messaging
  • Zendesk Mobile SDK for Messaging

Whether agents see a notification about a blocked attachment and whether admins can override the malware designation depends on the Zendesk product, the agent interface in use, and the channel from which the attachment originated. Specifically, warning labels are only displayed on potentially malicious attachments if email attachments are enabled for the account and agents are working in Support on desktop.

Though linked attachments are scanned, warning labels aren't displayed. Instead, agents just won't be able to open the link.

If malware is detected in attachments to tickets created with the Submit a request link in the help center, the attachments are hidden from end users.

Reviewing potential malware attachments

Malicious attachments to tickets and conversations in Support and Zendesk Suite are inaccessible to agents, but admins have the option to download the flagged attachments and decide whether to allow agents to access them or keep them restricted.

To view a potential malware attachment
  • In a ticket, click the download icon () on the potentially malicious attachment and then click Proceed in the confirmation dialog to download the attachment.
To permit agents to access a flagged attachment
To restrict agent access to a flagged attachment
  • If you want to re-enable agent restrictions to a potentially malicious attachment, under the attachment in the ticket click Restrict access.
Return to top

10 Comments

  • Pat

    Love it! 

    Can we pls participate in the limited release program with smcglobal.zendesk.com?

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Pat !

    I just replied to your ticket.

    0
  • Gaurav Arora

    hey Chika Chima when will malware scanning be available to all users? is there a way we can enable this for our account?

    0
  • Chika Chima
    Zendesk Product Manager

    Gaurav Garg Thanks for the comment!

    We are slated to release Malware scanning to all in June 2022. There will be an announcement as we get closer to the release date.

    0
  • Rafael Santos

    Hi Chika Chima, will we have an API endpoint to restrict agent access to attachments?

    Something similar to the Redaction endpoint

    /api/v2/tickets/{ticket_id}/comments/{comment_id}/attachments/{attachment_id}/restrict

    Additionally, how are these automatic attachment restrictions described in the ticket events? Will we be able to audit when/how those were interacted with?

    0
  • Megumi Nakamura

    Hi Chika Chima, do we need any settings to use this feature?

    I tried to check the detection working by using EICAR Anti-Virus Test File, but nothing happened.

    0
  • Chika Chima
    Zendesk Product Manager

    Hello All!

    Update on the Malware Scanning feature. We are making headway to have a general availability to all customers at towards the end of June 2022. This feature will automatically be turned on for our customers. A help center announcement will be made once we have this feature turned on. 

    This release of Malware scanning will not have an API endpoint. Please continue to use the redaction app. Also in the audit logs, there will be events created when an Admin overrides.

    1
  • CJ Johnson
    • Edited

    Chika Chima Now that this is rolled out to all users, I have the same question as Megumi, I seem to be able to attach the eicar test file in Zendesk just fine, but gmail immediately detects and says it's a virus. Is there a setting we need to turn on? I can't seem to get Zendesk to detect anything as a virus that I try. Does malware scanning not check the agent side of attachments? Do I need to send the eicar file as an end-user? 

    Edit: I also confirmed that I was able to send virus laden files via chat. 

    1
  • Chika Chima
    Zendesk Product Manager

    CJ Johnson

    Thanks for reaching out!

    As referenced on the announcement  rollout to all 100% customers will end by July 14th. So therefore, you may not have this feature just yet.

     

    0
  • David Oegren

    Sadly we already have this feature activated, and it is already impacting our daily business. We as an email security provider get emails/tickets with possible malicious content attached on a daily basis. We can not have admins work through those tickets every hour. Also, it is out of the question to promote every agent to admin just to be able to handle those kinds of tickets. We need a workaround please.

    Is it possible to address this issue via API? We could build ourselves a script automatically releasing affected emails. Or can we build some special role which we can give to our agents without granting them full admin? Please advise.

    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk