Microsoft Boosts Security with SharePoint’s New Ability to Scan Encrypted Files Amid Unannounced Policy Change
- Microsoft’s SharePoint now has the capability to scan encrypted or password-protected files, providing an additional layer of security against malware attacks. This move addresses a long-standing vulnerability where such files could potentially be used to hide and deliver malware.
- While this change is beneficial for general users, it poses challenges for cybersecurity researchers who handle malware samples for their work. The new policy has led to a call for Microsoft to balance security needs without hindering essential cybersecurity research efforts.

Microsoft has recently implemented a change to its SharePoint cloud storage service, allowing it to scan files that are encrypted or password-protected for potential malware. This is a significant change since antivirus applications have traditionally struggled to inspect password-protected files, thus making them an appealing avenue for hackers to deploy their malware.

The change was discovered by Andrew Brandt, Principal Researcher at cybersecurity firm Sophos, who noticed that some of their password-protected ZIP files containing malware samples in their SharePoint directory had been flagged as malware. Microsoft’s Safe Attachments feature, as explained on the company’s support page, locks any files determined to be malware, preventing actions such as opening, copying, moving, or sharing the file, though they can still be viewed and deleted.

This new policy has not been without controversy, however. While it provides added security for most users, it poses challenges for cybersecurity researchers like Brandt, who often need to handle malware samples for their work. The move has thus sparked a call for Microsoft to find a solution that balances the need for security without hampering researchers’ efforts.

Despite the significance of this change, Microsoft appears to have made no official announcement about it. The company’s support page also does not mention the ability to scan encrypted or password-protected files.