Microsoft is scanning password-protected and encrypted zip archives for malware, according to reports from security researchers.
Andrew Brandt, Principal Researcher at SophosLabs, took to Mastodon to report the issue:
Well, apparently #microsoft #Sharepoint now has the ability to scan inside of password-protected zip archives.
How do I know? Because I have a lot of Zips (encrypted with a password) that contain malware, and my typical method of sharing those is to upload those passworded Zips into a Sharepoint directory.
This morning, I discovered that a couple of password-protected Zips are flagged as “Malware detected” which limits what I can do with those files – they are basically dead space now.
As Brandt points out, the practice has major repercussions for the ability of security researchers and malware analysts to share the files their work depends on:
While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.
Hopefully, Microsoft will adjust their policy to allow exceptions for security researchers.
In the meantime, the news should serve as a caution to users who rely on password protection to keep their files private and secure on Microsoft’s cloud platform.