Product Announcements & Troubleshooting WithSecure Cloud Protection for Salesforce

Unable to assign permission set WithSecure Clould Protection to users. The user license doesn't allow VisualForce Page Access
Eicar test files uploaded as documents to Salesforce are not detected as malicious by Cloud Protection for Salesforce
How to increase the Scan Quota Increase in the Cloud Protection for Salesforce when getting Error monthly scan usage quota limits exceeded ?
Configurable Point of Presence: Set up your data processing region
Important Update on WithSecure Cloud Protection for Salesforce Service degradation
Advanced Threat Analysis
New connected app in WithSecure Cloud Protection for Salesforce – future-proofed protection for your Salesforce cloud
How to exclude URL from URL Protection in Cloud Protection for Salesforce
How Click-Time URL Protection Works
How to Configure Click-Time URL Protection

Protection Status

Protection status view

See and control your security configurations from a single view

The protection status panel provides a comprehensive, straightforward snapshot of your Salesforce security status, including file and URL protection configurations, connectivity status, automatic update status, and the version in use. You can quickly spot and fix any security hiccups. That means you're always at your security best without breaking a sweat.

In this article, we walk you through all the nitty gritty details of the view and explain how the traffic light scoring system works.

What is protection status?

The protection status panel serves as your go-to checkpoint for Salesforce org security. It effectively shows if your system is fully protected, with all necessary controls enabled and configured.

This panel is neatly divided into four sections:

File Protection
URL Protection
Automatic Updates
and Connectivity

Let's dive into the different sections in the panel and clarify what each status option signifies.

File Protection status

WithSecure Cloud Protection employs a rigorous multi-stage analysis to fend off viruses, trojans, ransomware, and other advanced malware. When file scanning is enabled, files undergo an extensive review, starting with initial detection checks, followed by a threat intelligence assessment. If a file's reputation remains unclear, it's forwarded to the WithSecure™ Security Cloud for a comprehensive evaluation using multiple anti-malware engines. This ensures the detection of malware, zero-day exploits, and advanced threat patterns, leveraging the vast intelligence data of WithSecure™.

File Protection ensures safe content uploads by checking against a list of disallowed file types or extensions. To reduce malware risks, you can block executables (like EXE, COM) or scripts (like VBS, PS1) from being uploaded to Salesforce Cloud. If a file matches a disallowed type, it's immediately blocked by the app.

The File Protection section shows the status of scanning and blocking harmful and disallowed content.

Accessing File Protection settings is as easy as a click. Just tap on "Configure," and you're there.

Here's a handy break down of the status options for you.

Harmful content scanning

For harmful content scanning to get a green light, make sure all of the following conditions apply:

"Send complete files for malware and advanced threat scanning" is turned on.
"Scan content stored as Salesforce Attachments" is enabled
Under the "Configure objects..." link, every object is selected. You can do this by choosing the "All objects" option from the picklist, or manually checking all object boxes
"Scan content stored as Salesforce Files" is enabled
"Scan files for harmful content on upload" is enabled.
"When harmful content is found on upload," it's set to "Remove file."
"Scan files for harmful content on download" is enabled.
If harmful content is found, it's set to either "Block access" or "Remove file."
Lastly, "File types and extensions to scan for harmful content:" should be set to "All except excluded."

So, if all these are in place, your content scanning is considered enabled.

The status will show as "Partially enabled" when it doesn't quite fit the "Harmful content scanning is enabled" or the "Harmful content scanning is disabled" scenarios.

Here's how you can identify a "disabled" status for harmful content scanning. It will pop up if ANY ONE of the following conditions are true:

Condition 1: Both "Scan content stored as Salesforce Attachments" and "Scan content stored as Salesforce Files" are switched off.
Condition 2: Both "Scan files for harmful content on upload" and "Scan files for harmful content on download" are turned off.

Disallowed content scanning

Disallowed content scanning gets the green light when BOTH of these conditions are satisfied:

Condition 1: Either or both "Scan content stored as Salesforce Attachments" and "Scan content stored as Salesforce Files" are switched on.
Condition 2: Either or both "Scan files for disallowed content on upload" and "Scan files for disallowed content on download" are enabled.

When these two conditions are met, you've successfully enabled disallowed content scanning.

You'll see a "Disallowed content scanning is disabled" status when the "Disallowed content scanning is enabled" status isn't applicable. In practical terms, this happens when any one of the following conditions isn't satisfied:

Condition 1: Neither "Scan content stored as Salesforce Attachments" nor "Scan content stored as Salesforce Files" are switched on.
Condition 2: Neither "Scan files for disallowed content on upload" nor "Scan files for disallowed content on download" are enabled.

URL protection

The URL Protection element combines two key functionalities: harmful URL scanning and disallowed URL scanning.

URL Protection replaces potentially harmful URLs with redirect links, keeping the original link visible but unclickable. By evaluating factors like URL patterns, website behavior, and metadata, it determines a site's risk level. If identified as malicious, access is blocked, alerting the user to potential threats and preventing visits to phishing or harmful sites.

You can control which websites Salesforce users can and can't visit by disallowing certain website categories. This means restricting access to distractions like social media or higher-risk sites such as gambling, ensuring a safer and more focused work environment. You can whitelist specific websites to make excpetions.

The URL Protection section serves as your window into the status of harmful and disallowed URL scanning features. We've broken down what each status signifies below for easy understanding.

And remember, you're just a click away from accessing URL Protection settings. Simply hit "Configure."

Harmful URL scanning

Your harmful URL scanning is in the 'enabled' zone when ALL these conditions are ticked off:

"Scan URLs in standard objects" is switched on.
Under the "Configure objects..." link, EVERYTHING IS SELECTED
"Replace URLs with click time protection links" is turned on.
Under the "Configure objects..." link, EVERYTHING (except "Outbound email message") is selected.

"Harmful URL scanning is partially enabled" appears whenever it doesn't quite fit into the "Harmful URL scanning is enabled" or "Harmful URL scanning is disabled" categories.

Harmful URL scanning will show as 'disabled' when ANY ONE of these conditions rings true:

Condition 1: "Scan URLs in standard objects" is switched off, OR under the "Configure objects..." link, no options are selected.
Condition 2: "Check reputation of URLs" is turned off.

If any of these scenarios apply, your harmful URL scanning is considered 'disabled'.

Disallowed URL scanning

Disallowed URL scanning is enabled when ALL these conditions are in place:

"Scan URLs in standard objects" is turned on, AND at least one location is picked under the "Configure objects..." section.
"Check category of URLs" is enabled, AND you've selected at least one category under "Select disallowed categories:"

The "Disallowed URL scanning is disabled" status pops up when the conditions for "Disallowed URL scanning is enabled" aren't met.

Automatic updates

The Automatic Update section displays the status of automatic updates, along with the app version you're currently using. We've explained the details below.

Automatic updates status

Automatic updates swing into 'enabled' mode when this condition is met:

The "Install product updates automatically" setting is switched on.

You'll see "Automatic update is disabled" when this condition is in place:

The "Install product updates automatically" setting is turned off.

"Manual installation needed" will pop up when this condition is met:

The version you're using is too outdated to receive automatic updates.

"Version information is not available" will display under this highly unlikely circumstance:

The version information couldn't be fetched from the backend. Although improbable, it's technically possible!

Understanding the version in use status

You'll see "You are using the latest version [x.x.x]" when this condition is satisfied:

The version you're using matches the latest version published on AppExchange.

"You are using an unsupported version [x.x.x]" will appear in red when this condition is true:

The version you're using has hit its End Of Life (EOL) and is no longer supported.

The informational status "A new version [x.x] is available, current version is [y.y.y]" will display when this condition is met:

The version you're currently using is older than the latest version published on AppExchange.

Tip: you can refresh the values of Protection status element by hitting the refresh button in the top right corner

Connectivity status

The Connectivity section provides a snapshot of the status of the connected app and its link to the WithSecure Security Cloud.

Connection to WithSecure Security Cloud

Let's unpack the different status options when connecting to WithSecure Security Cloud:

"WithSecure Security Cloud is operational" will display when this condition is satisfied:

On the status.withsecure.com page, the status of WithSecure Cloud Protection for Salesforce Backend is 'Operational'.

"WithSecure Security Cloud is not operational" appears when this condition is met:

On the status.withsecure.com page, the status of WithSecure Cloud Protection for Salesforce Backend is anything but 'Operational'.

Connected app status

Let's decipher the various status options for the connected app:

"Cloud Protection connected app is operational" is confirmed when these conditions are in place:

You've set up the connected app, AND
The connected app can establish a connection with the Salesforce org.

"Cloud Protection connected app is not set up" shows when this condition is true:

The status of the connected app is 'disconnected'.

"Cloud Protection connected app malfunctions" pops up when these conditions are met:

You've set up the connected app, AND
The connected app can't establish a connection with the Salesforce org.

"WithSecure Security Cloud status is unknown" will appear when:

We can't reach our backend, which would typically provide the status.

"Cloud Protection connected app status is unknown" will show when:

We can't connect to our backend, which would normally inform us of the status.