A virus can spread via OneDrive

Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams

  • 2 minutes to read

Applies toApplies to

Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is in This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams.

Important

The built-in anti-virus capabilities are a way to help contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure. For more information about strategies and best practices, see Security roadmap.

What happens if an infected file is uploaded to SharePoint Online?

The Microsoft 365 virus detection engine runs asynchronously (independent from file uploads) within SharePoint Online.All files are not automatically scanned.All files are not automatically scanned.Heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged. When a file is found to contain a virus, the file is flagged In April 2018, we removed the 25 MB limit for scanned files.

This happens: Here's what happens:

  1. A user uploads a file to SharePoint Online.
  2. SharePoint Online, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
  3. If the file meets the criteria for a scan, the virus detection engine scans the file.
  4. If a virus is found within the scanned file, the virus engine sets a property on the file indicating that it's infected.

What happens when a user tries to download an infected file by using the browser?

If a file is infected, users can't download the file from SharePoint Online by using a browser.

This happens: Here's what happens:

  1. A user opens a web browser and tries to download an infected file from SharePoint Online.
  2. The user is given a warning that a virus has been detected. By default, the user has the option to download the file and delete it using the antivirus software on their own device. By default, the user is given the option to download the file and attempt to clean it using the anti-virus software on their own device.

Note

Administrators can use the DisallowInfectedFileDownload parameter Use PowerShell on the Set-SPOTenant cmdlet in SharePoint Online to prevent users from downloading infected files, including the virus warning window DisallowInfectedFileDownload parameter on the Set-SPOTenant cmdlet in SharePoint Online PowerShell to prevent users from downloading infected files, even in the anti-virus warning window. For instructions, see Use SharePoint Online PowerShell to prevent users from download malicious files.For instructions, see Use SharePoint Online PowerShell to prevent users from downloading malicious files.

Once you get the DisallowInfectedFileDownload parameter As soon as you enable the DisallowInfectedFileDownload parameters, access to the detected / blocked files is completely blocked for users and admins.

What happens when the OneDrive sync client tries to sync an infected file?

OneDrive sync clients will not download files that contain viruses.The sync client will display a notification that the file can't be synced.

Extended capabilities with Microsoft Defender for Office 365

Microsoft 365 organizations that have Microsoft Defender for Office 365 included in their subscription or purchased as an add-on can enable secure attachments for SharePoint, OneDrive, and Microsoft Teams for advanced reporting and protection in their subscription or purchased as an add-on can enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams for enhanced reporting and protection. For more information, see Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.For more information, see Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.

Related Articles

Malware and ransomware protection in Microsoft 365

For more information about anti-virus in SharePoint Online, OneDrive, and Microsoft Teams, see Protect against threats and turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.