Slack detection and remediation
Slack provides partial coverage for malware detection. Detection occurs both when a file is uploaded to a Slack channel and through periodic offline scans of the uploaded files. When malware is detected during an upload, the upload is terminated.
Coro does not currently extend the malware detection in cloud drives to Slack due to Slack API limitations.
The admin user can still review Malware in Cloud Drive tickets, even though they are remediated automatically. Select the RESOLVE button to open the Ticket Log.
For further information on the Ticket Log, see Using the Ticket Log.
The ticket displays key details of the Malware in Cloud Drive discovery, including the Service. Full details, including the source from which the file was uploaded, are also provided.
The Activity Log displays an entry informing the user that malware was detected, that it was remediated, and that the infected file was moved to the Suspected folder.
Selecting the ACTION button allows the user to perform a set of related actions:
- Approve file: If the file is approved, it is moved back to its original location on the drive.
- Delete file: Deletes the file.
- Close ticket: Closes the ticket, as the file was remediated and no longer poses a threat.
- Suspend user from all cloud apps: Quarantine the specific user account from all cloud services in order to eliminate the possibility of account takeover.
- Suspend user from [Specific cloud service, for example, Microsoft 365]: Quarantine the specific user account from a specific cloud service in order to eliminate the possibility of account takeover.
- Request user to sign in to all cloud apps: Request that the specific user sign in again to their account on all cloud services in order to eliminate the possibility of account takeover.
- Request user to sign in to [Specific cloud service, for example, Microsoft 365]: Request that the specific user sign in again to their account on a specific cloud service in order to eliminate the possibility of account takeover.
- Contact user: Send a direct message to the user. In this case, the original details of the ticket are included in the message.