Skip to content

Google Workspace detection and remediation

Google Workspace offers limited malware detection, initiating scans only during file downloads, including those downloaded through the Google Download API. If a user attempts to download a malicious file, the Google Workspace interface actively alerts them with a warning. Google Workspace does not support malware detection or remediation directly on the cloud drive.

As opposed to Google Workspace, which does not detect certain file types, Coro detects malware in these files as soon as they are uploaded to cloud storage from external sources or from the user's device.

Coro creates a quarantine folder (named "Suspected folder") at the point of malware detection. This folder is visible within the respective cloud storage service and Coro recommends that administrators restrict access in line with your organization's security policies. Coro moves malicious files to the "Suspected folder" and creates a ticket for the event. The admin user has the following remediation actions available:

  • Approve file: The file is returned to its original location on the cloud drive. The admin user has the option of immediately closing the current ticket and all related tickets.

  • Delete file: Permanently deletes the file. The file is removed from the "Suspected folder".


File deletion is currently not available via the Google API.