How malicious file detection works


In this article, we explain Proton Drive’s malicious file detection feature.

What is malicious file detection?

At Proton, safeguarding your privacy has always been our top priority. Whether it’s through NetShield for ProtonVPN, which blocks phishing sites, malware, and intrusive advertising, or Proton Sentinel, which helps prevent account takeover attacks, we have been developing new technologies to offer comprehensive protection without compromising your privacy.

Our privacy-first malicious file detection feature is another line of defense against hackers. When you receive a sharing link to a Proton Drive file, you will have the ability to check it first for malware before downloading it to your device.

Unlike conventional malware detection methods that involve scanning the content of files, which can potentially infringe on your privacy, our approach is different. Instead of scrutinizing the contents of files, we employ a privacy-preserving technique that relies on file hashes for detection. This means the actual contents of your files remain entirely confidential and are never accessed or analyzed by anyone, not even us. 

Moreover, in Proton Drive, you have control over when detection scans are performed. Unlike traditional antivirus software that constantly runs in the background, our malicious file detection is activated only when you choose to initiate a scan. This puts you in the driver’s seat, allowing you to decide when and how your files are analyzed for potential threats.

By adopting a privacy-first approach to malicious file detection, we are increasing platform safety without sacrificing privacy. This approach reflects our commitment to providing you with robust protection against cyber threats while upholding the fundamental right to privacy. 

How malicious file detection works in Proton

On downloading files from your Proton Drive, you now have a Scan and Download button. You have the option to perform a check of the file’s hash against a database of known malicious file hashes. The contents of the file are always encrypted, but if you prefer not to share even the file hash with us you can simply download the file without scanning.

When we receive a file hash, we check if the file is in a list of known malicious files. If malicious files are detected, we will notify you about the dangers of the file, but will not prevent you from downloading at your own risk. 

Diagram showing how malicious file detection works
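
The hash check described above, sketched as an added example (not Proton's code). SHA-256, the in-memory hash list, and the names `file_digest` and `scan` are assumptions, since the article does not name the algorithm or the API; the sample bytes are constructed.

```python
import hashlib
import io

# Constructed sample standing in for the list of known malicious file hashes.
# SHA-256 is an assumption; the article does not say which hash is used.
SAMPLE_BAD_FILE = b"constructed sample payload, not real malware\n"
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_BAD_FILE).hexdigest()}


def file_digest(stream, chunk_size=64 * 1024):
    """Hash a binary stream in chunks so large files never sit fully in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def scan(stream, known_bad=KNOWN_BAD_HASHES):
    """Return (digest, verdict); the lookup sees the digest, never the content."""
    digest = file_digest(stream)
    verdict = "known-malicious" if digest in known_bad else "not-in-list"
    return digest, verdict


def demo():
    # Exact copy of a listed sample: the digest matches and the file is flagged.
    listed = scan(io.BytesIO(SAMPLE_BAD_FILE))
    # A file that differs from the listed sample by a single byte has an
    # unrelated digest, so an exact-match list does not recognise it.
    variant = scan(io.BytesIO(SAMPLE_BAD_FILE + b"\x00"))
    # An ordinary file gets the same verdict as the unlisted variant, which is
    # why "not-in-list" means "not known to be bad", not "safe".
    ordinary = scan(io.BytesIO(b"quarterly report\n"))
    return listed[1], variant[1], ordinary[1]


if __name__ == "__main__":
    print(demo())
```
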

Staying vigilant

While our new file hash check feature significantly enhances your ability to detect known threats, it’s essential to emphasize the importance of maintaining a vigilant approach to cybersecurity. No security measure can replace the value of a cautious and informed user.

Our file hash check is designed to identify files with known malicious signatures. However, the landscape of malware is constantly evolving, with new threats emerging regularly. It’s crucial to acknowledge that our checks provide protection against known threats, but they may not catch unidentified or emerging malware. 

As such, it’s important that you practice safe downloading habits:

  1. Never download files from unknown sources: Always make sure you know the sender before downloading an attachment. Be suspicious of emails, websites, and sharing links you were not expecting.
  2. Keep your software updated: Regularly update your software and applications to benefit from the latest security patches. Hackers take advantage of outdated software to spread malware.

Your personal data is extremely valuable to hackers, which is why it’s essential to choose security-first online services that use end-to-end encryption by default. Developing malicious file detection that preserves strong encryption is a major step forward in our mission.
