Virus detection in SharePoint Online

Office 365 can help protect your environment from malware by detecting viruses in files that users upload to SharePoint Online. Files are scanned for viruses after they are uploaded. If a file is found to be infected, a property is set so that users can't download the file from the browser or sync the file in the OneDrive for Business client. Note that files larger than 25 MB in size are not scanned.

Important: These antivirus capabilities in SharePoint Online are a way to contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to assess and implement antimalware protection at various layers and apply best practices for securing your enterprise infrastructure. For more information about strategies and best practices, see Enterprise Security Best Practices.

What happens when an infected file is uploaded to SharePoint Online?

Office 365 uses a common virus detection engine. The engine runs asynchronously within SharePoint Online, and scans files when they are uploaded. When a file is found to contain a virus, it's flagged so that it can't be downloaded again.

Here's what happens:

  1. A user uploads a file to SharePoint Online.

  2. The virus detection engine scans the file.

  3. If a virus is found, the virus engine sets a property on the file indicating that it is infected.

What happens when a user tries to download an infected file by using the browser?

If a file is infected with a virus, users can't download the file from SharePoint Online by using the browser.

Here's what happens:

  1. A user opens a web browser and tries to download an infected file from SharePoint Online.

  2. The user is given a warning that a virus has been detected, and is given the option to download the file and attempt to clean it using their own virus software.

    Virus warning

What happens when the OneDrive for Business client tries to sync an infected file?

If a file is infected with a virus, users can't sync the file from the OneDrive for Business client.

Here's what happens:

  1. The OneDrive for Business client inspects the file properties before downloading files to a sync folder.

  2. If the file contains a virus, the OneDrive for Business client won't download the file to the sync folder. Instead, a notification in the system tray tells the user that there is a sync problem, as in the following screen shot:

    Screenshot of a dialog box that shows 1 item can't be synced with OneDrive for Business because the server's virus scanner found an issue with the file.
  3. The user can open the Sync Status dialog box to learn that there is a sync problem because the file has a virus.

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×