File Cleaning (Content Disarm & Reconstruction) is now supported for Microsoft OneDrive and SharePoint

To strengthen file protection in OneDrive and SharePoint, Check Point now supports File Cleaning (Threat Extraction). This capability adds another layer of security on top of sandboxing by sanitizing potentially risky content in files deemed as clean.

File Cleaning (CDR) provides another line of defense for files stored and shared in Microsoft OneDrive and SharePoint by removing potentially harmful active content from risky file types such as macros, embedded objects, and scripts. By proactively disarming threats and reconstructing a safe file version, this feature reduces the risk of malware, zero-day exploits, and weaponized files reaching users while preserving the original data’s usability.

When a file is uploaded to OneDrive or SharePoint, it first passes through Check Point’s sandboxing and antivirus engines. If the file is identified as malicious, the configured malware protection workflow is triggered. If the file is deemed clean, the File Cleaning (CDR) workflow applies as an additional layer of security – extracting and neutralizing potentially risky content. This layered approach enhances protection against evasive or unknown threats while preserving usability and collaboration.

To learn more about how to configure and use File Cleaning (Threat Extraction) for OneDrive and SharePoint, refer to this admin guide chapter: File Cleaning (Threat Extraction) for Office 365 OneDrive and Office 365 SharePoint.

You may also like

Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users

Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection

40,000 Phishing Emails Disguised as SharePoint and e-Signing Services: A New Wave of Finance-Themed Scams

Check Point Named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security