Configuration
File Scan Settings
The File Scan settings control both the general scanning behavior and the advanced antivirus engine configuration for each Protection Profile.
- Go to Settings → File Scan
Profile Selection
- At the top of the File Scan panel, select the Protection Profile whose settings you want to configure. If you haven't created additional profiles, the Default Profile is selected automatically.
- All settings below apply only to the selected profile.
File Protection
| Setting | Description |
|---|
| File Protection | Master switch to enable or disable file scanning for the selected profile. |
Configure when files are scanned:
| Option | Description |
|---|
| Upload | Files are scanned when uploaded to Salesforce. |
| Download | Files are scanned when a user attempts to download them. |
Define what happens when a threat is detected:
| Action | Description |
|---|
| Block | The file is blocked and inaccessible to users until an admin releases it. |
| Allow and notify | The file is allowed through, but administrators and/or users are notified about the detected threat. |
| Setting | Description |
|---|
| Replace file | When enabled, a blocked file's content is replaced with a harmless placeholder indicating it was removed for security reasons. |
The advanced settings provide granular control over the antivirus engine's behavior.
- Go to Settings → File Scan
- Scroll to Advanced Configuration
Content Detection & Blocking
| Setting | Description | Default |
|---|
| Block Encrypted Files | Block files that are password-protected or encrypted and cannot be scanned | Disabled |
| Block Active Content | Block files containing active content (macros, JavaScript, etc.) | Disabled |
| Block HTML in PDF | Block PDF files containing dictionary elements that may be interpreted as HTML | Disabled |
| HTML Detection Level | Controls the sensitivity of HTML content detection in non-HTML files | SAFE |
| Setting | Description | Default |
|---|
| Enable MIME Type Checks | Activate MIME type related checks including allow list, block list, and extension matching | Disabled |
| Enforce Extension Matching | Validate that file content matches filename extension | Enabled |
| Apply MIME Policy in Archives | Enforce MIME policy for files inside archives and compressed files | Enabled |
| Blocked MIME Types | Comma-separated list of MIME types that are always blocked | Empty |
| Allowed MIME Types | Comma-separated list of allowed MIME types that skip file scanning | Empty |
| Blocked File Extensions | Comma-separated list of file extensions that are always blocked | Empty |
| Allowed File Extensions | Comma-separated list of allowed file extensions that proceed to antivirus scanning | Empty |
These settings control how the engine handles compressed archives (ZIP, RAR, 7z, TAR, etc.).
| Setting | Description | Default |
|---|
| Enable Archive Scanning | Extract and recursively scan archive contents | Enabled |
| Skip Virus Scan in Archives | Skip virus scan for extracted archive content and apply policy checks | Disabled |
| Detect Active Content in Archives | Enforce active content detection for files inside archives | Disabled |
| Maximum Archive Depth | Maximum depth to which nested archives are extracted | 20 |
| Archive Expansion Ratio | Maximum ratio of extracted size to archive size | 128 |
| Max Files per Archive | Maximum number of elements allowed in an archive | 0 (unlimited) |
| Max Extracted Size (bytes) | Maximum extracted archive size in bytes, with 0 meaning unlimited | 0 (unlimited) |
| Setting | Description | Default |
|---|
| Scan All File Types | Force scanning of all file types regardless of extension filters | Enabled |
| Scan Best Effort | Continue scanning even if some content cannot be fully processed | Enabled |
| Scan Embedded Content | Scan all embedded objects and enable embedded content analysis | Enabled |
| Scan Base64 Content | Decode and scan Base64 encoded content within files | Disabled |
| Scan UU-Encoded Content | Decode and scan UU encoded content within files | Enabled |
| Deep XML Scanning | Scan every element in parsed XML files | Disabled |
| Scan Timeout (milliseconds) | Maximum duration in milliseconds before a scan operation fails | No default |
| Setting | Description | Default |
|---|
| SVG Content Handling | Define how SVG related content type handling is applied | SVG |
| XML Content Handling | Define how XML related content type handling is applied | XML |
