Salesforce Spring '26: Native File Malware Scanning Is Finally Here
Salesforce finally adds built-in malware scanning for uploaded files. No more third-party apps required. Here's how it works and why it matters.
For years, Salesforce admins had one glaring security gap: files uploaded to Salesforce were not scanned for malware. If you wanted protection, you had to buy third-party apps from AppExchange like WithSecure, EzProtect, or attachmentAV.
Spring '26 changes that. Salesforce now includes native file malware scanning as a beta feature.
How It Works
The new scanning behavior depends on how files are uploaded:
UI Uploads (Synchronous)
When a user uploads a file through the Salesforce UI:
- The file is scanned before the upload completes
- If malware is detected, the upload is blocked immediately
- The user sees an error message
API Uploads (Asynchronous)
When files are uploaded via API (integrations, automations):
- The upload completes immediately
- The file is scanned asynchronously in the background
- If malicious, it's flagged in a new Malicious Files list
- Downloads of flagged files are blocked
Enabling the Feature
Navigate to Setup → Quick Find → Files → General Settings, then enable:
> Scan files for viruses or malware (beta)
This setting is often enabled by default in new Spring '26 orgs.
Why This Matters
Experience Cloud Portals
If you have external users (customers, partners) uploading files through Experience Cloud portals, this is huge. Previously, a malicious file uploaded by an external user could spread through your org before anyone noticed.
Compliance
For regulated industries (healthcare, finance), having native malware scanning simplifies compliance conversations. No more explaining why you need a third-party security add-on.
Cost Savings
Third-party malware scanning solutions on AppExchange typically cost $5-15 per user per month. Native scanning eliminates that expense.
The Malicious Files Dashboard
Spring '26 introduces a new Malicious Files list in Setup where admins can:
- View all files flagged as malicious
- See when they were uploaded and by whom
- Take action on quarantined files
Limitations (Beta)
As a beta feature, there are some things to keep in mind:
- Not 100% detection rate — No antivirus catches everything
- Async API scanning — Files uploaded via API are accessible briefly before scanning completes
- No retroactive scanning — Existing files aren't automatically scanned
- Beta stability — Expect some refinement in future releases
What About Existing Third-Party Solutions?
If you're already using an AppExchange antivirus solution, you don't need to rush to disable it. The native scanning is complementary. However, once the feature goes GA and proves stable, many orgs will likely drop their paid solutions.
The Bigger Picture
This feature is part of Salesforce's broader security push in Spring '26:
- 10 GB file size limit (up from 2 GB)
- Field Audit Trail expanded to 200 fields (from 60)
- Real-Time Event Monitoring with automatic storage
- Shield app consolidating all security features
Salesforce is clearly investing in making the platform more secure out of the box.
Bottom Line
Native file malware scanning is a welcome addition that addresses a long-standing security gap. While it's still in beta, the fact that Salesforce is building this natively (rather than acquiring an AppExchange partner) signals their commitment to platform security.
For orgs with Experience Cloud portals or heavy file usage, enable it now and test thoroughly. For everyone else, keep an eye on it for GA.
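Because existing files are not scanned retroactively, an org that enables the beta still holds a backlog of unscanned files. The following is an added example (not Salesforce code and not part of the original article) that ranks a ContentVersion CSV export for review by a separate scanner; the enablement date, extension list, scoring weights and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Assumption: when the scan setting was enabled in this org (placeholder date).
SCAN_ENABLED_AT = datetime(2026, 2, 15, tzinfo=timezone.utc)
# User.UserType values that denote portal or guest (external) uploaders.
EXTERNAL_USER_TYPES = {"Guest", "CspLitePortal", "CustomerSuccess",
                       "PowerCustomerSuccess", "PowerPartner"}
# Assumption: extensions this org treats as higher risk; tune to local policy.
RISKY_EXTENSIONS = {"exe", "js", "vbs", "lnk", "iso", "zip", "docm", "xlsm"}

# Constructed sample rows, shaped like a CSV export of:
#   SELECT Id, Title, FileExtension, CreatedDate, CreatedBy.UserType
#   FROM ContentVersion WHERE IsLatest = true
SAMPLE_EXPORT = """\
Id,Title,FileExtension,CreatedDate,CreatedBy.UserType
068xx0000000001AAA,invoice,pdf,2025-11-03T10:15:00.000+0000,Standard
068xx0000000002AAA,claim_form,docm,2025-12-20T08:02:11.000+0000,PowerCustomerSuccess
068xx0000000003AAA,logo,png,2026-01-09T16:40:00.000+0000,Guest
068xx0000000004AAA,macro_tool,xlsm,2026-01-30T12:00:00.000+0000,Standard
068xx0000000005AAA,upload,zip,2026-03-01T09:30:00.000+0000,Guest
"""

def triage(export_text, enabled_at=SCAN_ENABLED_AT):
    """Return (score, id, title) for files created before scanning was on."""
    backlog = []
    for row in csv.DictReader(io.StringIO(export_text)):
        created = datetime.strptime(row["CreatedDate"], "%Y-%m-%dT%H:%M:%S.%f%z")
        if created >= enabled_at:
            continue  # uploaded after enablement, so scanned on upload
        score = 0
        if row["CreatedBy.UserType"] in EXTERNAL_USER_TYPES:
            score += 2  # external uploader, e.g. an Experience Cloud portal user
        if row["FileExtension"].lower() in RISKY_EXTENSIONS:
            score += 1
        backlog.append((score, row["Id"], row["Title"]))
    # Highest score first; ties broken by Id for a stable review order.
    return sorted(backlog, key=lambda item: (-item[0], item[1]))

if __name__ == "__main__":
    for score, file_id, title in triage(SAMPLE_EXPORT):
        print(score, file_id, title)
```

Files at the top of the list (external uploader plus risky extension) are the first candidates to download and run through whatever scanner the org already has.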