Announced on | Rollout starts | Rollout ends |
---|---|---|
June 27, 2022 | June 27, 2022 | July 14, 2022 |
Zendesk is pleased to announce the new malware scanning feature, which provides a more secure agent and end user experience.
What's changing?
The malware scanning feature scans file attachments on tickets in Support and Zendesk Suite. It also scans file attachments of tickets created with the "Submit a request" link in the help center. All the files are scanned after they're uploaded. Agents and end users are prevented from engaging with malicious content. In some cases, malicious attachments are labeled with a warning and admins can evaluate and manage access to the attachment; in other cases, malicious attachments are completely hidden from all users.
For more information, see Managing malicious attachments.
What is the scope of the scanning and when are warnings visible?
In this initial release, the Zendesk product, the channel from which the ticket was received, and the user interface used by the agent working the ticket all determine whether or not an attachment is scanned and when a warning is visible or the file is completely hidden from all users.
Files uploaded and attached to email tickets and Agent Workspace Chat message tickets are scanned for malware (including the Suspended tickets view). Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned.
If malware is detected, a warning is displayed to agents and admins in the ticket conversation log. For these attachments, admins have the option to download the file to evaluate it and can override the agent restrictions.
Files that are uploaded and attached to tickets created with the "Submit a request" link in the help center are scanned for malware and hidden from end users if malware is detected.
For a complete breakdown of what is scanned and when warning labels are visible, see About malware scanning. Attachments to any tickets or Zendesk objects not listed in the table aren't scanned.
Why is Zendesk making this change?
Malware is constantly evolving and modernizing as malware creators develop sophisticated new tools and attacks. It is important to Zendesk to protect our customers from malicious software attacks so that we can provide the most secure and reliable experience possible.
What do I need to do?
You don't need to do anything. This feature is automatically being rolled out to all customers.
We'd love to hear your feedback in the Malware feedback community post.
11 Comments
Hi Chika Chima,
Great news on the feature. Question/scenario for you, pertaining to this new feature:
We got an external security issue report regarding our support site, powered by Zendesk Guide. The report stated that anybody who has access to our software platform can use it to distribute malicious files which look like they come from us. Here is the workflow:
https://{client_subdomain}.zendesk.com/attachments/token/iO2JYbKVK4kV3CAJ9CX6MQXq9
https://support.{client_subdomain}.com/attachments/token/iO2JYbKVK4kV3CAJ9CX6MQXq9
To get around this issue, it was recommended that we turn on "Enable Secure Downloads". Although doing that has closed this vulnerability, it's actually caused us other agent workflow problems, such as the inability to copy/paste images from the clipboard into a ticket comment, as well as outright not being able to see images in the ticket body upon ticket submission.
Will this new feature close the stated vulnerability above, and allow us to disable "Enable Secure Downloads"?
I would like to be able to create a workflow to notify Admins when attachments are flagged.
Is the malware flag an action/event that a trigger can be built around?
Are any tags applied when Zendesk blocks an attachment through this feature?
"Files that are uploaded and attached to tickets in the help center Customer Portal are scanned for malware and hidden from all users if malware is detected. Currently, admins can't override the malware designation on attachments added this way."
Will there be some indication that an attachment was removed because of malware?
Hi Jimmy Rufo
Thanks for the feedback.
I would not suggest disabling "Enable Secure Downloads". The malware scanning feature just provides warning designations to Admins and Agents only when a file attachment is deemed malicious. However, malicious file attachments and warning designations will not appear to end users.
In regard to your scenario: malware scanning does scan file attachments in the Help Center customer portal ("Submit a ticket"). And URL file attachment links will not be downloadable by Agents and end users if the malware scanner has deemed the URL file attachment link malicious.
Hi,
I have a few questions -
1. Will each attachment download now be blocked until the attachment scan is finished? How much latency can this add to viewing attachments? Can this latency change based on the load of the system (e.g. peak hours when we receive a lot of tickets)?
2. Will we receive some flag for a file being malicious in the attachments endpoint?
3. Is there a plan to disable this feature and extend the Zendesk API to support this flow so I could plug in a different attachment scanning process (sending the file to another system that will be able to mark this file as malicious instead of Zendesk)?
4. May I ask how the attachment scanning flow works? Is it something in-house? How can I know the attachments are not going to some third-party service?
Thanks
Hi Omer Bar Lev
Thanks for reaching out about our new malware scanning feature! For future questions, comments and concerns, please record them here
There is a help center article with additional information on how this feature works for your reference.
Since this feature is not optional, it will be greatly impacting our daily business as an email security provider. We get support requests with potentially dangerous attachments on a daily basis, and we cannot afford to have our admins releasing affected emails, nor can we promote all trained agents to admins.
Opened up thread here:
https://support.zendesk.com/hc/en-us/community/posts/4724548854426-malware-scanning-feature-blocking-certain-companies-daily-business
Thank you.
"Specifically, files that are uploaded and attached to email and chat-based tickets, including the suspended ticket queue, are scanned for malware"
The article on this feature directly contradicts this.
"Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned."
Which is correct?
Hi CJ Johnson
The article has been updated for further clarification.
Files uploaded and attached to email tickets and Agent Workspace Chat message tickets are scanned for malware (including the Suspended tickets view). Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned.
Which is also stated in this article:
Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned. However, files attached by agents in the Agent Workspace to tickets originating from the following channels are scanned:
Just wanted to follow up on Vaughan's question: "Is the malware flag an action/event that a trigger can be built around?"
We are looking to build a workflow for our Admins and this information would be a great help.
Hi Liam Devine!
Thanks for your feedback!
We are in discovery to see how we can add automation/triggers on potential malicious file attachments on Support Tickets.
Thanks!