It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Site Security Scanner

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Site Security Scanner

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Simulating Cloud Security Threats - SharePoint Malware File Upload

Last updated on 2025-04-17 15:55:44

Rule

Office 365 SharePoint Malware File Upload

Purpose

Identifies the occurrence of files uploaded to SharePoint being detected as Malware by the file scanning engine. Attackers can use File Sharing and Organization Repositories to spread laterally within the company and amplify their access. Users can inadvertently share these files without knowing their maliciousness, giving adversaries an opportunity to gain initial access to other endpoints in the environment.

Objective

Ensure malware file uploads to SharePoint are detected.

How to test

Download a safe test malware file (e.g., the EICAR test file).
Login to the test SharePoint environment with a test user account.
Upload the test malware file to SharePoint.
Allow time for the file scanning engine to scan the file.