Support: Restrict Attachments by File Type



  • Official comment
    Amisha Sharma
    Zendesk Product Manager

    Hey all,

    I just wanted to thank you for taking the time to share your feedback with us! At this time, this isn’t something we are able to fit into our roadmap. We are focusing our resources on composer stability and a few other highly requested features.

    Regarding our composer stability efforts, we are working towards migrating all composers to use the same technology so that any bugs reported can be easier and faster for us to fix and manage.

    While we cannot look into this within the next 6-12 months, we have added your feedback to our backlog for future review.

  • Justin

    Agree with this. We have to restrict our agents to using a 3rd party for file transfer where we can control what type of files are being passed back and forth. Given this is an option in Chat, this seems like a no-brainer.

  • Alexandra Hjert

    Second the need for this. Without this malicious files can be downloaded and it is also a GDPR risk if we're unable to remove sensitive information.


  • Gentry Geissler
    Zendesk Customer Care

    Hi all! 

    I checked with a couple of those on our Product team and they've stated they have attachment control on the roadmap for development. However, it's not something that I can give an exact ETA for, unfortunately.

    Security is very important to Zendesk, and I personally think this will also be a great feature to be added when it gets here!

    Alexandra, you mentioned also wanting to remove attachments that have been added to a ticket, and that gave me a thought. If you haven't heard of this before, our Ticket Redaction App allows for removal of attachments once they've hit your account. If you have any further GDPR questions make sure you contact!

    I hope that helps.

  • Product Team

    Is there any further updates on this?  It's making life very difficult for our users and agents as our security team will not let us allow attachments in the current set-up.



  • Nicole Saunders
    Zendesk Community Manager

    Hi SDS - 

    We do not have any further updates at this time. 

  • Ticket Team

    Pretty horrible this is not an option.  Not sure why it's not.  Shows security wasn't the first priority when creating the product.  We have had many attempts of Ransomware that are allowed through the ticket system.  A $50 home firewall has these options.

  • Fikri Hedianto

    Hi @...,


    Are there any update on this product roadmap?



  • Mathew luby

    Would also like to know if this is on the roadmap and when it will be available? 

  • Charlie

    Hi All,


    Zendesk have an App for this - made by themselves, not a third party - it's free! It has the feature of blocking / allowing by extension and also allows a few other useful features.

    Its called "Attachment Manager"

  • Carl McDowell

    Like Charlie mentioned you can use this free app from the marketplace which has an allow/block list.

    Marketplace link:

    Attachment Manager is a collection of apps that allows you to work with and manage ticket attachments. It combines Attachment Library, Attachment Restriction, Attachment Tagger (formerly Attachment Finder) and the Redact Attachments App. Attachment Manager combines the functionality of these apps into one sidebar experience. It allows an agent to open and close various apps using an accordion-style interface.

  • Jon Hall

    +1 for attachment control. You can do it in Zopim chat, just not the main tool. Not having this feature entails security risk or limitation of functionality if switched off. 

    If this is on roadmap should be possible to share an ETA?

  • Luiz Carlos Poleza Junior

    I did install the plugin, however it does NOT BLOCK users from uploading restrict filetypes.

    The ticket open as unusual, and the attachment is still visible from Support (although restricted, but this can also be circunvented by agents)

    We need a option to REJECT or to BLOCK UPLOAD for certain filetypes

  • Adam Reid (Zendesk Administrator)

    I'd like to +1 this request.

    We use Zendesk for our DMCA/Abuse tickets, and some users will submit attachments with very graphic content.

    We need our customers to attach files, but the issue we are seeing is the thumbnail that appears in the ticket feed. If we get a jpg our staff can be exposed to some unpleasant sights.

    We've like to be able to prevent previews of these thumbnails.


  • Marci Abraham

    I second what @... said. This app does not block users from uploading unwanted attachments, it just gives the agent the ability to manage them. This is totally useless from our perspective. The whole point is to prevent the user from uploading unwanted file types. If they can upload them, they think we are able to see them. For example, EML files. We can't readily open those and read the email that someone thinks they sent us. We want the user to know at the moment they attach it that we do not accept that particular file type. Same goes for security risk file types, like zip and exe.

  • Jest Paint - Santi

    So, 2 years have passed since this very important issue was raised... any improvements on this end?
    How about implementing DMARC tools for even more safety on incoming emails?

  • Damien Messe

    Hello, I have also been contacted by the security team to restrict the upload of files following a message from a bug bounty hunter about this breach.

    Any solution proposed by Zendesk to restrict the upload of certain type of file ?

  • Jacuk-Zurak, Marta


    We have same problem, the restriction on attachments added by End Users is available on Chat. But when a Customer get into Help Center -> My Activities portal he can upload any type of attachments. It is risky as user can upload there anything and our security contacted us as they found it as a bug.

    Any solution that is going to be implemented on Help Center for this bug?


  • Sydney Neubauer

    This has also been brought to our attention. We have the redact app however most of our Agents do not have delete permissions so it is useless to them. 


    We need the ability to prevent the attachments from even making it to Zendesk. It is a security concern with a level 1 priority.


Please sign in to leave a comment.

Powered by Zendesk