Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
254 results found
-
Ability to identify password protected files(パスワード付きファイルを特定する機能)
If a file is password protected, Box Shield's deep scan cannot be performed.
We would like to see a feature added to Box Shield to identify files with passwords.(和訳)
ファイルにパスワードが掛かっていると、Box Shieldのディープスキャンが実行できません。
パスワード付きファイルを特定するためにBox Shieldに、パスワード付きファイルを特定する機能の追加を希望します。3 votes -
Ability to provide feedback on anomalous download alerts
I would like the ability to provide user-level feedback on anomalous download alerts. Today, you can only provide feedback via the folder and suggest whether or not it contains sensitive information. It would be better if you could provide this feedback at the user level - if someone is on a specific team, they may be expected to download a lot of files from a specific folder. However, that behavior might be anomalous for another user on a different team. I also find that these alerts are often triggered for new users who are not actually downloading an unusual amount…
3 votes -
Give download rights for analysis without flagging safe
Hi, we have a process of validating in a secured sandbox environment documents that are flag as malicious to be analyse to put back into circulation if it's a false positive. Right now, Box Shield co-admin cannot retrieve those documents. Support suggest to flag them as false positive, download them and revert them back. It is a horrible practice to have to do that. It gives false information to the AI and it prevents automation via webhooks.
I have a multiple async jobs I want to run when a file becomes a false positive. This way of downloading is dangerous…
3 votes -
Ability to scope Malicious Content Rules by User/Group/Shield Lists
Currently malicious content rules apply to all users. To test moving from an audit/detection-only stance to enforcement, it would be useful to be able to create multiple rules that are scoped to specific users/groups/Shield Lists.
This will allow us to keep most users in an audit/detection-only rule, while we test enforcement with a pilot group in another rule.3 votes -
Better information on Alert Information for Location Detection Rules
Please add the country below the IP on a Shield Alert Email for Allowed countries Detection rules notification. This keeps us from having to log into box to see what country the violation occurred in..
3 votes -
Create an audit only mode for classification policies
Auto-classification policies can receive an audit only mode similar to Shield Access Policies. Essentially an auto-classification policy in audit only mode will return a list of files that would have triggered an auto-classification upon upload or interaction. Shield administrators can then review the list of files that would have been classified and review for accuracy.
Decreases risk of misclassifying content due to policy misconfigurations.
3 votes -
Block file request via classification / access policy
Currently there is no security control for access policies that allows to block file requests.
We created a classification "external" with the security control "External Collaboration Restriction". However it is still possible that externals upload files to these folders. To us this is also a way of external collaboration. And this also creates the risk of mixing internal and external files in folders that are classified as internal.3 votes -
Control Outbound Collaboration in Box Shield
Box shield collaboration policies only seem to apply to inbound collaboration (i.e. sharing from one's own tenant to an external account). We need the ability to have fine-grained controls on what invites a managed user can accept from external tenants.
3 votes -
Encrypt shield downloads
Encrypted downloads of files flagged as malicious so analysts can safely move files to a sandbox for further analysis.
3 votes -
Permanently mark a file as not malicious
We had a user (with Box Drive) who had a file marked as malicious. She apparently made a change to a local copy and added it back to her folder, causing it to be marked as malicious a second time. In fairness, the hash is different, since the file changed. When I looked at the first event, I ran the file through VT, and the results came back as all clean, so I marked it as not malicious. The user was still not able to access the file. I had to go back into Shield, find the second instance, scan…
3 votes -
Enable "Mark file as safe" in API
Provide an API endpoint to release a quarantine file ("Mark file as safe" in GUI) within box shield.
3 votes -
Restrict users to only some Shield label
Currently you can choose which users can put Shield label to contents.
However, this setting is for the whole tenant but I would like to set different types of users to some Shield label that does not apply to all the Shield labels.3 votes -
Enable default classification of MIP / Purview marked content from outside our tenant
We have multiple Microsoft Tenants and one Box EID. The challenge with this is that Shield only enables us to map sensitivity labels from one tenant. As a result we have a lot of information in our Box environment that is MIP marked but carries no Shield classification. It would be ideal to enable a default Shield classification for to be applied to data that has come from outside our MIP tenant. That way we can at notify users that additional controls may affect the document beyond those that Shield is enforcing, and smooth the gaps between our multi-tenancy in…
3 votes -
Co-Admin permission - Manage Shield Lists
It would be good to be able to delegate the update of Sheild lists so that someone can amend who is in a list without providing access to other shield functions.
For example, a list of people email addresses that can change because external parties that we collaborate change but we want to be able to remove/add people.
3 votes -
classification labeling time lag when item added to a folder with classification
When adding items to a folder with defined classification, there is a time lag (appx. 5 min) to reflect the classification to added items. (we know its 20min for 40K items but still we want to remove the time lag)
During the lag, a user can temporarily operate the items outside the policy defined on its classification.
This seems a critical defect in terms of its security, so please consider to fix the situation.
Thanks,3 votes -
Enable option with Shield Access Policy to break hard coded waterfall permissions (e.g. Editor --> View)
Enable option with Shield Access Policy to break hard coded waterfall permissions (e.g. Editor --> View).
E.g. everybody who is not the owner of the content previously was an Editor, but after I overlay a "View Only" Access Policy and Classification Label to the content, then everyone who is not the Owner of the content is View Only.
3 votes -
I would like the ability to hide malicious content in BoxShield.
If malicious content is uploaded to Box, we would like the ability to hide the content as well as suppress downloads.
If possible, we would like the content to be hidden automatically.
*For example, if infected with ransomware, we would like to hide the infected file and the file with the threatening message.This is because we want to take action on the administrator's side so as not to worry users.
3 votes -
Box Shield: enable granular controls for Threat Detection anomalous download behavior alerts
Box Shield: enable granular controls for Threat Detection anomalous download behavior alerts.
E.g. alert me when any file larger than xx GB is downloaded.
E.g. alert me when xx% more content is downloaded than normal.
E.g. alert me when xxxx file quantities are downloaded from yyyy folder.
3 votes -
Notify user on corrupt file upload
We should be able to notify a user when the file he just uploaded is detected by shield as corrupted.
The notification could be sent by mail or by notification on the website, depending on the configuration given by the user.This feature is relly important on a legal base, because each user should have the ability to correct his own mistake.
3 votes -
I would like to be able to change from a classification with a strict policy to a classification with a loose policy. The reverse should be
For the purpose of strictly protecting confidential information, we want to make it impossible to change from strict to loose permissions, even for users who have the authority to change classification labels. However, with the current Shield function, it is not possible to set the priority of changeability.
One possible way to achieve this is to allow users to set rankings for classifications or policies, and to limit the direction of the rankings.3 votesNot on the roadmap for FY25, will evaluate for FY26
- Don't see your idea?