learn.microsoft.com
Open in
urlscan Pro
2a02:26f0:c6:2bb::3544
Public Scan
Submitted URL: http://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/virus-detection-in-spo?view=o365-worldwide
Effective URL: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-abou...
Submission: On November 21 via api from DE — Scanned from DE
Effective URL: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-abou...
Submission: On November 21 via api from DE — Scanned from DE
Form analysis 3 forms found in the DOM
Name: nav-bar-search-form — GET /en-us/search/
<form class="nav-bar-search-form" method="GET" name="nav-bar-search-form" role="search" id="nav-bar-search-form" aria-label="Search" action="/en-us/search/">
<div class="autocomplete" data-bi-name="autocomplete"><!---->
<div class="field-body control ">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="site-search-input" data-test-id="site-search-input" class="autocomplete-input input input-sm
" type="search" name="terms" aria-expanded="false" aria-owns="ax-84-listbox" aria-controls="ax-84-listbox" aria-activedescendant="" aria-label="Search" aria-describedby="ms--site-search-input-description" placeholder="Search" pattern=".*">
<span aria-hidden="true" class="icon is-small is-left" hidden="">
<span class="has-text-primary docon docon-"></span>
</span>
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--site-search-input-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-84-listbox" data-test-id="site-search-input-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
<!-- mobile safari will not dispatch submit event unless there's a submit button that is not display:none -->
<button type="submit" class="visually-hidden" tabindex="-1" aria-hidden="true"></button>
<input name="category" hidden="" value="">
</form>Name: nav-bar-search-form — GET /en-us/search/
<form class="nav-bar-search-form" method="GET" name="nav-bar-search-form" role="search" id="nav-bar-search-form-desktop" aria-label="Search" action="/en-us/search/">
<div class="autocomplete" data-bi-name="autocomplete"><!---->
<div class="field-body control has-icons-left">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="site-search-input-desktop" data-test-id="site-search-input-desktop" class="autocomplete-input input input-sm
control has-icons-left
" type="search" name="terms" aria-expanded="false" aria-owns="ax-85-listbox" aria-controls="ax-85-listbox" aria-activedescendant="" aria-label="Search" aria-describedby="ms--site-search-input-desktop-description" placeholder="Search"
pattern=".*">
<span aria-hidden="true" class="icon is-small is-left">
<span class="has-text-primary docon docon-search"></span>
</span>
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--site-search-input-desktop-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-85-listbox" data-test-id="site-search-input-desktop-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
<!-- mobile safari will not dispatch submit event unless there's a submit button that is not display:none -->
<button type="submit" class="visually-hidden" tabindex="-1" aria-hidden="true"></button>
<input name="category" hidden="" value="">
</form>javascript:
<form action="javascript:" role="search" aria-label="Search" class="margin-bottom-xxs"><label class="visually-hidden" for="ax-95">Search</label>
<div class="autocomplete display-block" data-bi-name="autocomplete"><!---->
<div class="field-body control has-icons-left">
<input role="combobox" maxlength="100" aria-autocomplete="list" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" id="ax-95" data-test-id="ax-95" class="autocomplete-input input input-sm
control has-icons-left
width-full" type="text" aria-expanded="false" aria-owns="ax-96-listbox" aria-controls="ax-96-listbox" aria-activedescendant="" aria-describedby="ms--ax-95-description" placeholder="Filter by title" pattern=".*">
<span aria-hidden="true" class="icon is-small is-left">
<span class="has-text-primary docon docon-filter-settings"></span>
</span>
<span aria-hidden="true" class="autocomplete-loader loader has-text-primary " hidden=""></span>
<span hidden="" id="ms--ax-95-description"> Suggestions will filter as you type </span>
</div>
<ul role="listbox" id="ax-96-listbox" data-test-id="ax-95-listbox" class="autocomplete-suggestions is-vertically-scrollable padding-xxs " aria-label="Suggestions" hidden="">
</ul>
<!---->
</div>
</form>Text Content
Skip to main content
We use optional cookies to improve your experience on our websites, such as
through social media connections, and to display personalized advertising based
on your online activity. If you reject optional cookies, only cookies necessary
to provide you the services will be used. You may change your selection by
clicking “Manage Cookies” at the bottom of the page. Privacy Statement
Third-Party Cookies
Accept Reject Manage cookies
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security
updates, and technical support.
Download Microsoft Edge More info about Internet Explorer and Microsoft Edge
Documentation
Global navigation
* Learn
* Documentation
* Training
* Credentials
* Q&A
* Code Samples
* Assessments
* Shows
* More
* Documentation
* Training
* Credentials
* Q&A
* Code Samples
* Assessments
* Shows
Suggestions will filter as you type
Suggestions will filter as you type
Search
Sign in
* Profile
* Settings
Sign out
Microsoft 365
* Solutions and architecture
* Get started
* Set up your infrastructure for hybrid work
* Set up secure collaboration
* Deploy threat protection
* Data privacy and data protection
* Microsoft 365 for smaller businesses and campaigns
* Apps and services
* Microsoft Teams
* Microsoft 365 admin center
* Microsoft 365 Apps
* Microsoft Purview
* Microsoft 365 security
* SharePoint
* OneDrive
* All apps and services
* Training
* Training for IT Pros
* Microsoft 365 certifications
* Microsoft 365 learning pathways
* Resources
* Microsoft 365 support
* FastTrack
* Troubleshooting
* Microsoft 365 tech community
* Resources for developers
* More
* Solutions and architecture
* Get started
* Set up your infrastructure for hybrid work
* Set up secure collaboration
* Deploy threat protection
* Data privacy and data protection
* Microsoft 365 for smaller businesses and campaigns
* Apps and services
* Microsoft Teams
* Microsoft 365 admin center
* Microsoft 365 Apps
* Microsoft Purview
* Microsoft 365 security
* SharePoint
* OneDrive
* All apps and services
* Training
* Training for IT Pros
* Microsoft 365 certifications
* Microsoft 365 learning pathways
* Resources
* Microsoft 365 support
* FastTrack
* Troubleshooting
* Microsoft 365 tech community
* Resources for developers
1. Free Account
Table of contents Exit focus mode
Version
Microsoft 365
* Office 365
* Office 365 operated by 21Vianet (China)
Search
Suggestions will filter as you type
* Office 365 security
* Overview
* Get started
* Evaluate
* Deploy
* Migrate
* Protect and Detect
* Defender for Office 365 SecOps Guide
* Defender for Office 365 in Microsoft Teams
* Security recommendations for priority accounts
* Usage card in Defender for Office 365
* Protection policies
* Preset security policies
* Recommended settings for configuring EOP and Defender for Office 365
Security
* Configuration analyzer for protection policies
* Anti-malware in EOP
* Anti-malware protection
* Configure anti-malware policies
* Anti-malware protection FAQ
* Zero-hour auto purge (ZAP)
* Virus detection in SharePoint Online
* Anti-spam in EOP
* Anti-phishing in EOP and Defender for Office 365
* Safe Attachments in Defender for Office 365
* Safe Links in Defender for Office 365
* Outbound spam protection in EOP
* Connection filtering in EOP
* Audit log search
* Advanced delivery policy
* Alert policies
* Allow and block
* Attack simulation training in Defender for Office 365
* Connectors for mail flow
* Delegated administration
* Exchange mail flow rules (transport rules)
* Message trace
* Quarantine
* Reports
* Safe Documents in Microsoft 365 A5 or E5 Security
* Investigate and Respond
* Reference
* Microsoft Defender XDR docs
* Step-by-step guides
Download PDF
1. Learn
2. Microsoft 365
3. Microsoft Defender for Office 365
1. Learn
2. Microsoft 365
3. Microsoft Defender for Office 365
Read in English Add
Table of contents Read in English Add Edit Print
Twitter LinkedIn Facebook Email
Table of contents
BUILT-IN VIRUS PROTECTION IN SHAREPOINT ONLINE, ONEDRIVE, AND MICROSOFT TEAMS
* Article
* 06/09/2023
* 5 contributors
* Applies to: ✅ Exchange Online Protection, ✅ Microsoft Defender for Office 365
plan 1 and plan 2
Feedback
IN THIS ARTICLE
1. What happens if an infected file is uploaded to SharePoint Online?
2. What happens when a user tries to download an infected file by using the
browser?
3. Can admins bypass DisallowInfectedFileDownload and extract infected files?
4. What happens when the OneDrive sync client tries to sync an infected file?
5. Extended capabilities with Microsoft Defender for Office 365
6. Related articles
Show 2 more
Tip
Did you know you can try the features in Microsoft 365 Defender for Office 365
Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft
Defender portal trials hub. Learn about who can sign up and trial terms here.
Microsoft 365 uses a common virus detection engine for scanning files that users
upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is
included with all subscriptions that include SharePoint Online, OneDrive, and
Microsoft Teams.
Important
The built-in anti-virus capabilities are a way to help contain viruses. They
aren't intended as a single point of defense against malware for your
environment. We encourage all customers to investigate and implement
anti-malware protection at various layers and apply best practices for securing
their enterprise infrastructure.
WHAT HAPPENS IF AN INFECTED FILE IS UPLOADED TO SHAREPOINT ONLINE?
The Microsoft 365 virus detection engine scans files asynchronously (at some
time after upload). If a file has not yet been scanned by the asynchronous virus
detection process, and a user tries to download the file from the browser or
from Teams, a scan on download is triggered by SharePoint before the download is
allowed. All file types are not automatically scanned. Heuristics determine the
files to scan. When a file is found to contain a virus, the file is flagged.
Here's what happens:
1. A user uploads a file to SharePoint Online.
2. SharePoint Online, as part of its virus scanning processes, later determines
if the file meets the criteria for a scan.
3. If the file meets the criteria for a scan, the virus detection engine scans
the file.
4. If a virus is found within the scanned file, the virus engine sets a
property on the file that indicates the file is infected.
WHAT HAPPENS WHEN A USER TRIES TO DOWNLOAD AN INFECTED FILE BY USING THE
BROWSER?
By default, users can download infected files from SharePoint Online. Here's
what happens:
1. In a web browser, a user tries to download a file from SharePoint Online
that happens to be infected.
2. The user is shown a warning that a virus has been detected in the file. The
user is given the option to proceed with the download and attempt to clean
it using anti-virus software on their device.
To change this behavior so users can't download infected files, even from the
anti-virus warning window, admins can use the DisallowInfectedFileDownload
parameter on the Set-SPOTenant cmdlet in SharePoint Online PowerShell. The value
$true for the DisallowInfectedFileDownload parameter completely blocks access to
detected/blocked files for users.
For instructions, see Use SharePoint Online PowerShell to prevent users from
downloading malicious files.
CAN ADMINS BYPASS DISALLOWINFECTEDFILEDOWNLOAD AND EXTRACT INFECTED FILES?
SharePoint admins and global admins are allowed to do forensic file extractions
of malware-infected files in SharePoint Online PowerShell with the
Get-SPOMalwareFileContent cmdlet. Admins don't need access to the site that
hosts the infected content. As long as the file has been marked as malware,
admins can use Get-SPOMalwareFileContent to extract the file.
For more information about the infected file, admins can use the
Get-SPOMalwareFile cmdlet to see the type of malware that was detected and the
status of the infection.
WHAT HAPPENS WHEN THE ONEDRIVE SYNC CLIENT TRIES TO SYNC AN INFECTED FILE?
When a malicious file is uploaded to OneDrive, it will be synced to the local
machine before it's marked as malware. After it's marked as malware, the user
can't open the synced file anymore from their local machine.
EXTENDED CAPABILITIES WITH MICROSOFT DEFENDER FOR OFFICE 365
Microsoft 365 organizations that have Microsoft Defender for Office 365 included
in their subscription or purchased as an add-on can enable Safe Attachments for
SharePoint, OneDrive, and Microsoft Teams for enhanced reporting and protection.
For more information, see Safe Attachments for SharePoint, OneDrive, and
Microsoft Teams.
RELATED ARTICLES
Malware and ransomware protection in Microsoft 365
Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
FEEDBACK
Submit and view feedback for
This product This page
View all page feedback
--------------------------------------------------------------------------------
ADDITIONAL RESOURCES
English (United States)
Theme
* Light
* Dark
* High contrast
* Manage cookies
* Previous Versions
* Blog
* Contribute
* Privacy
* Terms of Use
* Trademarks
* © Microsoft 2023
ADDITIONAL RESOURCES
IN THIS ARTICLE
English (United States)
Theme
* Light
* Dark
* High contrast
* Manage cookies
* Previous Versions
* Blog
* Contribute
* Privacy
* Terms of Use
* Trademarks
* © Microsoft 2023