Malware Scanning for Dualog Drive

Malware Scanning is an additional feature that can be enabled as an add-on for Dualog Drive. When enabled, source files are sent to the cloud and scanned there before being forwarded to the destination client(s).

The scanning service consists of five different scanners, increasing the possibility of detecting malware, in particular zero-day attacks. Malware scanning should be used in addition to the endpoint security installed on the Drive source and destination clients.

How it works

Malware Scanning runs as a cloud service. When files are received at the Dualog cloud, they are passed to the scanning service. The sending client is put on hold while waiting for the scan result. When scanning is completed, the result is returned to the source client, and one of two outcomes follows:

  1. No Malware is detected
    • The sending client will mark the transmission as finalised
    • The cloud service will release the files for download to the destination client(s)

  2. Malware is detected
    1. The sending client will move the infected file(s) to the quarantine folder on the source client, and notify the cloud where the file(s) are stored. After the files are quarantined, sending of other files will resume
    2. The infected file(s) will be removed from the cloud and transmission will be cancelled so that no destinations will receive them

How to Configure Malware Scanning

Malware scanning can be enabled for individual Drive tasks, and users are encouraged to evaluate which tasks should or should not have the feature enabled. The Malware Scanning option is found under Advanced source options on the configuration page for each task.

Malware scanning can be enabled for new and existing Drive tasks. To enable the feature, select the Malware scan radio button under Malware scanning, and save the configuration.

Setting Up Alerts for Detected Malware Files

Alerts are available to notify selected users whenever malware is detected by Dualog Drive. These can be configured from the Organisation page, accessible from the sidebar of the Apps Portal.

On the Organisation page, scroll down until you reach the Alerts section. Next, click on DualogDrive and, in the popup, toggle the Threat detected in file alert on, then click Save Changes. Current and future alert recipients will now receive notifications whenever an infected file is detected by Dualog Drive.

Handling Detected Malware Files

When Malware Scanning is enabled, a new tab, Malware, will be added to the Drive page on the Dualog Apps Portal.

If malware is detected, infected files will be listed in the Active Detections section of the Malware tab.

Clicking on each row will bring up a detailed overview with more information about the infected file, including the location of the quarantine folder where the file has been stored. The overview will also allow you to mark the file as resolved.

After reviewing the file, marking it as resolved will move the file from the Active detections section to the Resolved detections section on the Apps Portal. The file itself will remain on the source client in the quarantine folder. You then have two options, depending on whether the file contains malware or the detection was a false positive.

  1. The File Contains Malware
    • After reviewing the file, if you are certain that it contains malware, delete it from the quarantine folder.
    • Run a scan using the endpoint security program on the source client to ensure that there is no malware remaining.

  2. The File is a False Positive
    • There may be instances of false positives detected by Dualog Drive's malware scanner. For example, files containing macros or password-protected files may be flagged.
    • To transfer files that you are certain are false positives, you can create separate tasks that emulate the configuration of the original ones.
      • For these separate tasks, set a source folder that is different from that of the original task.
      • In the configuration of these tasks, do not enable the malware scanning functionality under Advanced source options.
    • When the file has been detected as malware, resolve the detection and move the file to the source folder for tasks where malware scanning has not been enabled. This should only be done for files that you are certain do not contain any malware.