Advanced protection against malware and ransomware

File Protection is a feature of WithSecure Cloud Protection for Salesforce. It scans every file that enters or moves through Salesforce, across Sales Cloud, Service Cloud and Experience Cloud, and including both standard and custom objects.

Files uploaded through forms, cases, portals, emails, APIs or automations are analyzed in real time using multi-engine antivirus, heuristics, and sandboxing behavioral analysis. The NextGen Antivirus for Salesforce detects and blocks malware, ransomware, file type spoofing, and even malicious links hidden inside files – including behind QR codes.

It also covers advanced scenarios such as password-protected archives and large files, ensuring threats are stopped before they reach users or cause disruption.

The Security Cloud constantly learns and adapts to emerging threats by harnessing real-time global threat intelligence. It proactively monitors and responds to new threats instantly, ensuring swift and effective protection across all user devices. As the system detects new threats, it updates its database and algorithms continuously. The system updates automatically in the cloud and requires no manual updates.

Additionally, we integrate unique data from our partnerships with Fortune 500 companies to enhance our threat detection capabilities. This collaborative approach enriches our threat database, and as a result provides broader protection in an evolving digital threat landscape.

Even if initial scans and reputational checks fail to identify a file as malicious, a suspicious profile triggers a deeper investigation. In such cases, the file goes to a securely isolated sandbox environment in Security Cloud. Security Cloud analyses the file in-depth by performing behavioral assessments. This behavior-based threat analysis identifies even highly sophisticated threats like zero-day malware.

WithSecure™ Cloud Protection for Salesforce governs file sandboxing through a proprietary set of rules designed to optimize threat detection. These rules consider a range of indicators within the files, including behavioral patterns and other suspicious activity.

By combining both static and dynamic analysis in antivirus capabilities, we minimize false positives and ensure accurate threat detection on Salesforce. The result is a comprehensive and nuanced understanding of the sample, which significantly enhances our ability to identify and counteract threats.

QR codes embedded in documents and images are inspected for malicious destinations. Obfuscation such as shortened links inside the code is detected and blocked. This closes a growing phishing vector that targets mobile devices and bypasses user training.
Learn more in the dedicated QR code protection page. CThe protection cvers both QR code images and embedded QR codes in other file types like PDFs.

Attackers hide links in PDFs, Office documents, and other formats. File Protection extracts and evaluates embedded URLs, including those behind redirects or shorteners. Dangerous destinations are blocked before users open or share the file.

These vectors are also a common delivery path for ransomware payloads, which can lock critical Salesforce data and connected systems if not stopped at upload.

You can block entire categories of risky formats by extension or true type. Common examples include executables such as EXE and COM, script files such as VBS and PS1, and other high-risk formats. Policies stop these files at upload so they never circulate in Salesforce.

Detection looks at the actual file content and structure, not only the extension name of the file. This prevents spoofing where an executable is renamed as a PDF or image. Precision recognition reduces false negatives and closes a common evasion path.

Password-protected archives commonly conceal malware, offering attackers a method to evade scanning by traditional anti-malware solutions like endpoint protection. This poses a significant risk, particularly in highly targeted industries. WithSecure™ Cloud Protection for Salesforce proactively addresses this threat with its advanced feature that detects and blocks password-protected archives in real-time.

These vectors are also a common delivery path for ransomware payloads, which can lock critical Salesforce data and connected systems if not stopped at upload.

Uploads up to 800 MB are supported without degrading user experience. Scanning reaches inside nested archives and container formats to expose hidden malware. This covers for example large media assets used in enterprise workflows.

When a file is confirmed malicious, the upload is blocked immediately. You can replace it with a notice file (.txt) that explains what was stopped and when. Users stay informed and workflows continue, while administrators receive actionable alerts.

Our real-time protection on Salesforce scans files for threats both when users upload them to the platform, and whenever they download them. With this proactive approach, WithSecure Cloud Protection for Salesforce can effectively block evolving threats such as polymorphic malware types.

Admins can run manual sweeps across existing Salesforce content. Scheduled scans ensure older files and seldom-touched records are re-evaluated under current policies. This reduces residual risk from historical uploads and policy changes.

User privacy is a top priority for us. Data is anonymized and encrypted in transit and at rest. Personally identifiable information is not required for analysis. Processing can be kept in region with data centers in the EU, US, Australia, Singapore, and Japan to support regulatory needs.