Do retroactive scans under API Data Protection also scan for malware?

  • 13 December 2022
  • 1 reply


I see you can retroactively scan files in your SaaS tenant (OneDrive in my case) against DLP policies, but does that also scan for malware infected files? 


Have dozens of files getting flagged in our OneDrive tenant as malware, but the problem is the inline CASB malware policies are what is detecting the files. 


I would like to run a malware scan on all files retroactively on our tenant and quarantine anything malicious. However when i go to configure a retroactive scan, i only see options to detect DLP violations, not scan for threats/malware. 

1 reply

Userlevel 3
Badge +11

Yes, the retroactive scan also checks for malware provided you have enabled threat protection for the specific app as described in:

So if you trigger a retroactive DLP scan, it will also check for malware.