icon-zia.svg
Secure Internet and SaaS Access (ZIA)

About Data at Rest Scanning Malware Detection

Watch a video about SaaS Security Data at Rest Scanning and policy configuration

The SaaS Security Data at Rest Scanning Malware Detection policy allows you to create rules to discover and prevent threats to data at rest in sanctioned SaaS applications.

Adding a malware policy for a SaaS application provides the following benefits and enables you to:

  • Maintain individualized malware policies for each SaaS application tenant in your organization.
  • Detect and remove malware threats to extend comprehensive web security to your SaaS applications.

As shown in the following table, each SaaS application allows you to configure the policy to report, quarantine, or delete suspicious files. You can also configure exceptions to the policy.

After creating a policy rule, you must schedule a scan for it to inspect content based on the rule's specifications (e.g., tenant, DLP engines, action, etc.). To learn more, see About SaaS Security Scan Configuration.

About the SaaS Security Data at Rest Scanning Malware Detection Page

On the Malware Detection page (Policy > SaaS Security > Data at Rest Scanning > Malware Detection), you can do the following:

  1. From the drop-down menu, choose an application type to configure the Malware Detection policy for related SaaS applications.

To enable Amazon S3, Google Cloud Platform, and Microsoft Azure for your organization, contact your Zscaler Account team.

  1. Configure a Data at Rest Scanning Malware Detection policy rule.
  2. Search for a Malware Detection policy rule.
  3. View a list of all configured Malware Detection policy rules. For policy rules, you can see and sort the following:
    • SaaS Application Tenant: The tenant for the application chosen for the policy rule.
    • Application: The application chosen for the policy rule.
    • Action: Displays the configured action for the policy rule.
    • Status: Displays whether the policy rule is enabled or disabled.
    • Quarantine Location: The location where malicious files are moved for quarantine, if applicable.
    • Scan Inbound Email Links: This is applicable for email applications only. Displays whether or not the Zscaler service is allowed to inspect links included in inbound emails.
  4. Edit or delete a Malware policy rule.
  5. Modify the table and its columns.
  6. Go to the Exceptions page, where you can configure Malware Detection policy exceptions.
  7. Go to the Data Loss Prevention page, where you can create rules to discover and protect sensitive data at rest in sanctioned SaaS applications.
  8. Go to the Scanning Exceptions page, where you can configure scanning exceptions for file sharing applications.

The SaaS Security API Malware Detection policy page allows you to configure malware rules.

Related Articles
Understanding the Data at Rest Scanning PolicyAbout Data at Rest Scanning DLPConfiguring the Data at Rest Scanning DLP PolicyConfiguring the Data at Rest Scanning DLP Policy ExceptionsAbout Data at Rest Scanning Malware DetectionConfiguring the Data at Rest Scanning Malware Detection PolicyConfiguring the Data at Rest Scanning Malware detection Policy ExceptionsAbout SaaS Security Scan ConfigurationUnderstanding SaaS Security Scan SchedulesConfiguring SaaS Security Scan SchedulesConfiguring the Data at Rest Scanning Exceptions