Skip to content

Google Workspace detection and remediation

Google Workspace does not provide malware detection and remediation on the cloud drive. Only partial coverage is provided for malware detection which is only initiated upon file download (also via the Google Download API). The Google Workspace UI displays a warning when trying to download a malicious file.

There are file types that Google Workspace does not detect. Coro detects malware in these files as soon as they are uploaded from an external source or the user's device to cloud storage.

After Coro moves the file to the Suspected folder, a ticket is created. The Coro administrator has the following remediation options available:

  • The respective file can be approved, and if approved, it is returned to its original location on the cloud drive.
  • The admin user can delete these files, effectively putting them on a block list for the entire organization. In such a case, the specified file will be removed from the Suspected folder. File deletion is currently not available via a Microsoft API.
  • The admin user can move these files to trash. The files are kept up to 30 days.


The remediation options can also be performed on malicious files detected by the Google service.