SharePoint Online、OneDrive 和 Microsoft 团队中的内置病毒防护Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams


欢迎使用 Microsoft Defender for Office 365,这是 Office 365 高级威胁防护的新名称。Welcome to Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection. 此处阅读有关此内容和其他更新的详细信息。Read more about this and other updates here. 我们将在不久的将来更新产品和文档中的名称。We'll be updating names in products and in the docs in the near future.

Microsoft 365 使用通用的病毒检测引擎来扫描用户上载到 SharePoint Online、OneDrive 和 Microsoft 团队的文件。Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. 此保护包括在所有订阅中,包括 SharePoint Online、OneDrive 和 Microsoft 团队。This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams.


内置防病毒功能是一种帮助包含病毒的方法。The built-in anti-virus capabilities are a way to help contain viruses. 它们不是为了抵御针对您的环境的恶意软件的单一防御点。They aren't intended as a single point of defense against malware for your environment. 我们鼓励所有客户在不同的层调查和实施反恶意软件保护,并应用最佳做法来保护其企业基础结构。We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure. 有关策略和最佳实践的详细信息,请参阅 安全路线图For more information about strategies and best practices, see Security roadmap.

将受感染的文件上载到 SharePoint Online 时,会发生什么情况?What happens when an infected file is uploaded to SharePoint Online?

Microsoft 365 病毒检测引擎在 SharePoint Online 中异步运行。The Microsoft 365 virus detection engine runs asynchronously within SharePoint Online. 上载时不会自动扫描所有文件All files are not automatically scanned on upload. 启发式确定要扫描的文件。Heuristics determine the files to scan. 找到文件以包含病毒时,文件会被标记为无法再次下载。When a file is found to contain a virus, the file is flagged so it can't be downloaded again. 在4月2018,我们删除了扫描文件的 25 MB 限制。In April 2018, we removed the 25 MB limit for scanned files.

以下是所发生的情况:Here's what happens:

  1. 用户将文件上传到 SharePoint Online。A user uploads a file to SharePoint Online.
  2. SharePoint Online 决定文件是否符合扫描的条件。SharePoint Online determines whether the file meets the criteria for a scan.
  3. 病毒检测引擎将扫描文件。The virus detection engine scans the file.
  4. 如果发现了病毒,病毒引擎将对文件设置一个属性,表明它已被感染。If a virus is found, the virus engine sets a property on the file indicating that it's infected.

当用户尝试使用浏览器下载受感染的文件时,会发生什么情况?What happens when a user tries to download an infected file by using the browser?

如果文件受到感染,用户不能使用浏览器从 SharePoint Online 下载文件。If a file is infected, users can't download the file from SharePoint Online by using a browser.

以下是所发生的情况:Here's what happens:

  1. 用户打开 web 浏览器并尝试从 SharePoint Online 下载感染病毒的文件。A user opens a web browser and tries to download an infected file from SharePoint Online.
  2. 向用户提供一条警告,指示已检测到病毒。The user is given a warning that a virus has been detected. 默认情况下,会向用户提供下载文件的选项,并尝试使用防病毒软件在自己的设备上进行清理。By default, the user is given the option to download the file and attempt to clean it using the anti-virus software on their own device.


管理员可以在 SharePoint Online PowerShell 中使用set-spotenant cmdlet 上的DisallowInfectedFileDownload参数,以防止用户下载感染病毒的文件,即使在 "反病毒警告" 窗口中也是如此。Admins can use the DisallowInfectedFileDownload parameter on the Set-SPOTenant cmdlet in SharePoint Online PowerShell to prevent users from downloading infected files, even in the anti-virus warning window. 有关说明,请参阅 使用 SharePoint Online PowerShell 防止用户下载恶意文件For instructions, see Use SharePoint Online PowerShell to prevent users from downloading malicious files.

一旦启用 DisallowInfectedFileDownload 参数,就会为用户和管理员完全阻止对已检测/被阻止文件的访问。As soon as you enable the DisallowInfectedFileDownload parameter, access to the detected/blocked files is completely blocked for users and admins.

OneDrive 同步客户端尝试同步受感染的文件时,会发生什么情况?What happens when the OneDrive sync client tries to sync an infected file?

OneDrive 同步客户端不会下载包含病毒的文件。OneDrive sync clients will not download files that contain viruses. 同步客户端将显示一条通知,指出文件无法同步。The sync client will display a notification that the file can't be synced.

具有 Office 365 高级威胁防护的扩展功能Extended capabilities with Office 365 Advanced Threat Protection

包含 Office 365 高级威胁防护 (ATP) 包含在订阅中或作为加载项购买的 microsoft 365 组织可以为 SharePoint、OneDrive 和 Microsoft 团队启用 ATP,以增强报告和保护功能。Microsoft 365 organizations that have Office 365 Advanced Threat Protection (ATP) included in their subscription or purchased as an add-on can enable ATP for SharePoint, OneDrive, and Microsoft Teams for enhanced reporting and protection. 有关详细信息,请参阅 适用于 SharePoint、OneDrive 和 Microsoft 团队的 ATPFor more information, see ATP for SharePoint, OneDrive, and Microsoft Teams.

详细信息More information

有关 SharePoint Online、OneDrive 和 Microsoft 团队中的防病毒的详细信息,请参阅 防止威胁打开 SharePoint、OneDrive 和 MICROSOFT 团队的 ATPFor more information about anti-virus in SharePoint Online, OneDrive, and Microsoft Teams, see Protect against threats and Turn on ATP for SharePoint, OneDrive, and Microsoft Teams.