Improve your security by enabling Secure File Scan to check all incoming file upload field attachments on submitted forms and workflows. After a form is submitted, Secure File Scan checks all attachments for viruses and displays the results of each file scanned on the Response page. Any file(s) found to be unsafe will trigger an email notification to the content (form or workflow) owner for follow-up.
- FormAssembly Enterprise or Government plan
- Administration Permission: Allow administrator to access security settings
Grant Admin Access to the Security Page
- Open the Admin Dashboard
- Under “User Management”, select All Users
- Locate the user profile for the administrator authorized for security management
- Edit the user profile
- Open the Permissions tab
- View the permissions under the Administration permission package
- Expand the section for Admin Permissions, if not already expanded
- Select the checkbox for “Allow administrator to access security settings”
- Click Save
Enable Secure File Scan
- From the Admin Dashboard, click Security to access the Security page.
- Toggle the switch aligned with Secure File Scan to turn on the Secure File Scan feature.
Secure File Scan results are communicated in two ways - by file upload statuses on the Response page and through email notifications to the content owner.
On the Response page, the status of the secure file scan appears in line with each instance of a file upload. Additionally, if a file upload is flagged, a banner message will appear to highlight the identified security risk.
Secure File Scan Statuses
- Attention Required - The file is flagged due to potential risks found during the scan.
- Unable to Scan - The contents of this file were unable to be scanned.
- File Queued - The file will be scanned soon.
- If a status is not included, the file scan did not find any risks, the Secure File Scan feature is disabled, or the file upload occurred before the feature was enabled.
When a file is flagged with the Attention Required status, an email notification is sent to the content owner to notify them to review the response. This email arrives from firstname.lastname@example.org with the subject line “A Response Requires Your Review”.
Secure File Scanning does not halt any connectors or form processes. Content owners are notified of any malicious or unscannable files found, but files are still sent through any configured connectors as designated by your form or workflow’s configuration.
Proceeding with a Risky Download
FormAssembly provides the Secure File Scan feature, but only your own security team can recommend what to do next when a file upload is flagged. If you choose to proceed with downloading a flagged file, a confirmation message will appear. Any confirmation is logged for tracking purposes.