Find out how the product has evolved throughout releases
Copyright (c) 2016-2023 WithSecure Corporation. All rights reserved.
This product may be covered by one or more WithSecure patents.
This document contains important information and is updated frequently to let you know what's new in the latest release of WithSecure™ Cloud Protection for Salesforce. We strongly recommend that you read the entire document before you start using the product.
WithSecure™ Cloud Protection for Salesforce is a cloud-based security solution that is designed to complement and extend the native security capabilities of the Salesforce cloud platform. WithSecure™ Cloud Protection for Salesforce analyzes the content that enters or leaves the Salesforce cloud, so that the files and URLs that are uploaded to or downloaded from a Salesforce organization cannot be used in cyber attacks against your company, partners, or customers.
For more details, see the solution documentation at https://www.withsecure.com/salesforce.
Supported Salesforce editions
You can install and use the WithSecure™ Cloud Protection application with the following Salesforce Editions:
Note: Salesforce Professional Edition is not supported because the solution relies on some Salesforce platform capabilities that are not available in that edition.
The application is localized into the following languages: English, French, German, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese, Spanish, Thai, Polish, Chinese (Traditional), Hungarian, Czech, Slovak, Turkish.
Setup and configuration
For detailed deployment and post-installation instructions, refer to the Quick Installation Guide.
Note: We highly recommend that you verify the application in a Salesforce sandbox organization before you deploy it to your production environment.
Important: You must turn on the Chatter feature before you install WithSecure™ Cloud Protection for Salesforce.
You can upgrade WithSecure™ Cloud Protection for Salesforce from the previous version by installing the new version from the Salesforce AppExchange. For detailed upgrade instructions, refer to the Quick Installation Guide.
This section lists changes that were implemented in the latest and previous versions of WithSecure™ Cloud Protection for Salesforce. Unless mentioned otherwise, the new version includes changes from the previous version.
New Features and Enhancements in This Major Release:
- Configurable Point of Presence: Customers can now select the geographic location for data processing. Currently, available regions include the EU and US.
- Advanced Threat Analysis: Enhanced sandboxing and behavioral analysis have been integrated to amplify our multi-stage threat analysis process.
- Advanced URL Analysis: URLs without a verified reputation are escalated for comprehensive dynamic examination. This ensures detection of even the most covert malicious URLs.
- Migration to LWC for Summary page: We've enhanced the usability and responsiveness of the Summary page.
- User experience improvements: We've made several usability enhancements to our app.
- Admin page is blocked by a large number of SObjects [CAP-7216].
- Email notifications incorrectly include the SF Email Signature of the Admin [CAP-6925].
- Analytics misses events when files are uploaded repeatedly [CAP-7300].
- Enhancements to the "Open related record" functionality [CAP-6977].
New features and enhancements in this major release:
- Protection status panel: The enhanced protection status panel tells the admin whether their Salesforce org is protected and whether all relevant controls are enabled and configured.
- Improved user license management: Enhanced performance of the License Management UI to handle a very large number of active users.
- Minor user experience improvements: Usability improvements to our app.
- URL protection sometimes redirects the Salesforce website to a URL that includes the %e2%80%8b Zero Width Space Unicode character [CAP-6260]
- File download failure: Modify the error message shown to the user [CAP-6571]
- AFSC.FS_FeedComment: execution of AfterInsert caused by: System.NullPointerException: Attempt to de-reference a null object (AFSC) [CAP-6398]
- User numbers are not aligning: Users Protected in Summary Tab, Protected users number from Report, users numbers in Licenses tab [CAP-6756]
- License use exceeding email notifications are sent despite having enough licenses [CAP-5877]
- Attempt to de-reference a null object in /scb [CAP-6707]
Important information about the release:
If you are upgrading from version 1.8.5 or older, the Automatic Updates setting is switched on regardless of the previous configuration.
New features and enhancements in this major release:
- New future-proof architecture: The solution has been strengthened by the new architecture with a connected app that uses an API-based integration and technologies that enable enhanced protection capabilities.
- Enhanced scanning for large files: Large files can now be analyzed with minimal impact on performance and with no time constraints for threat analysis.
- Configurable Click-time URL Protection: More control and flexibility to configure the Click-time URL Protection for blocking malicious and phishing web links (URLs) in real-time.
- User experience enhancements: Analytics user interface has been improved to provide more consistent information about the product alerts and security events.
- The user can't reply to a Chatter post due to insufficient "Edit post" permission [CAP-5836]
- WithSecure app is updated automatically even if Automatic Updates is disabled [CAP-5762]
- After upgrading to 2.0, Automatic Updates setting is switched on regardless of the previous configuration
- "Too many SOQL queries" exception when scanning multiple URLs [CAP-5813]
- URLs in uppercase are not replaced with click-time protection links [CAP-5925]
- "Too many email invocation" exception when multiple Case objects are created with malicious or disallowed web links [CAP-5934]
- Incorrect details in the alert when Automatic Updates settings are updated [CAP-5648]
- The 'Time limit exceeded' error is shown when opening the Administration user interface [CAP-6035]
- Statistics data is not populated correctly in the Protected Content Analysis report [CAP-5948]
- Old scan events and alerts are cleaned with 'hard delete' [CAP-5702]
- "License usage exceeding" alerts are not created for community user login licenses [CAP-5388]
- Cannot download files on first attempt due to a redirection issue [CAP-5635]
- System.SObjectException error is reported when removing the permission set assignments [CAP-5815]
- The Replacement_File_Id__c field in FSFileScanLog__c object does not have the read access permission for standard users [CAP-5897]
- URL Protection redirect links do not work correctly for internal users [CAP-5439]
- Incorrect user type in administrator notifications when the URL detection is triggered by external users [CAP-5513]
- The "Collection size exceeds maximum size" error is shown when the Configure alert message is opened [CAP-5594]
- Licenses are incorrectly assigned to Chatter free users [CAP-5356]
- The clickable area for the user interface panel elements is too narrow [CAP-4250]
- Performance: Using Platform Cache for pre-loading notification templates and other configuration settings [CAP-5228]
- Unhandled exception from 'Cloud Protection: License expiration check' [CAP-4656]
- The alert is not sent when WithSecure licenses are exceeded [CAP-5137]
- Missing translations for some settings in the Administration UI [CAP-5229 - CAP-5235]
- Files uploaded by guest (unauthenticated) community users are not processed correctly in Spring ’21 (CAP-4191)
- Security and performance improvements in the scan progress and complete pages (CAP-4151)
- Users with a Chatter Free license cannot post messages and comments to Chatter (CAP-4099)
- Users with a customer community login license receive email notifications when a harmful or disallowed file is uploaded (CAP-4032)
- Users with a customer community login license receive email notifications when a harmful or disallowed URL is posted (CAP-4111)
- Error is shown when posting a long URL link to Chatter (CAP-3990)
- Custom banner is not shown to community users (CAP-3991)
- Administration UI looks disordered in Firefox browser (CAP-1142)
- Replacement file is not linked with the email message when a harmful attachment is removed (CAP-3724)
- Analytics page doesn't load correctly (CAP-3754)
- Replacement_File_Id is missing in the file scan log (CAP-3774)
- URL scanning failed due to "SfdcSqlException: Inserted value too large for column" error (3794)
- Replacement file is not created for malicious file uploaded by community user in Winter'21 (CAP-3951)
- The custom message text is not shown on the scan and block pages for a community user (CAP-3970)
- Email security notifications are not sent when external users upload harmful content (CAP-3541)
- Disallowed files uploaded by community users are removed but not shown in quarantine (CAP-3657)
- An error occurred when running batch processing with the F-Secure Cloud Protection app installed (CAP-3318)
- System.DmlException: Delete failed (INSUFFICIENT_ACCESS_OR_READONLY) in AFSC.FS_LicenseService job (CAP-3426)
- Could not create a new user due to "Auto Enabled Permission Set Assignment" (CAP-3498)
- LastModifiedDate is updated when a file is downloaded and scanned by the F-Secure app (CAP-3576)
- System.UnexpectedException: Start did not return a valid iterable object (CAP-3600)
- Errors on analytics page: No access rights to the object or its fields (CAP-3604)
- F-Secure scan and block pages shown in Classical instead of Lightning UI in a community portal (CAP-1973)
- Exception error is shown when posting a message with the user mention and email address to a community portal (CAP-3025)
- URL Protection does not properly exclude URLs defined as subdomains in exclusion settings (CAP-3036)
- Hyperlinks are not properly handled in Chatter posts with user mentions (CAP-3056)
- "Query of LOB fields caused heap usage to exceed limit" error when uploading a 50MB file (CAP-3075)
- Make it possible to disable recording excluded URLs in Cloud Protection analytics (CAP-3152)
- URL Protection may fail on email addresses with illegal hex characters (CAP-801)
- Malware may not be found if uploaded as a new version of Content Document (CAP-2508)
- SHA1 search doesn't work in File Events (CAP-2902)
- F-Secure license is not assigned automatically when user profile is changed (CAP-3002)
- Handling Case objects only with changed descriptions (CAP-2512)
- Files uploaded by guest (unauthenticated) community users are not processed correctly in Spring'20 (CAP-2675)
- Lots of SOQL errors are being output in Product Basket due to FS Cloud Protection for Salesforce (CAP-1671)
- Unable to download attachments after Cloud Protection for Salesforce 1.6.6 upgrade (CAP-2297)
- Latency issue in Salesforce org due to F-Secure usage statistics update (CAP-2493)
- F-Secure jobs fail on submitting a document through a community page (CAP-2548)
- WhatsApp images get renamed after uploading via Web Chat (CAP-2071)
- AFSC.FS_EmailMessageHandler for job ID fails due to exception: AFSC: Too many query rows: 50001 (CAP-1966)
- Disallowed file protection not working for community user (CAP-1662)
- URL exclusion not working for community user (CAP-1663)
- Changed behaviour in replacement file for community user (CAP-1664)
- System.NullPointerException in AFSC.FS_AttacmentScanJobQueueable (CAP-1726)
- Permission set assignment tool is throwing an exception in large organizations (CAP-1834)
- Scan files for disallowed content does not work correctly with Partner Community users (CAP-1872)
- URL Protection causes "Something isn't right with your URL. Check that the URL starts with http:// or https:// and try again" error (CAP-1512)
- Several issues with manual and automatic license assignment (CAP-1531)
- "AFSC: Too many SOQL queries: 201" error is reported when archiving emails (CAP-1571)
- Users who have been assigned a license getting a scan error as a "Non-licensed user" (CAP-1486)
- SOQL Query For 'Third Party Query Rights' is not limiting the amount of response records (CAP-749)
- File blocked page shows 'null' as the file extension for files without an extension (CAP-1065)
- Alert links on the Summary page don't work as expected (CAP-1140)
- URLs are not scanned when uploaded to the community portal by an unauthenticated/guest user (CAP-1275)
- "Apex heap size too large" exception is reported when scanning large attachments (CAP-974)
- Query of LOB fields caused heap usage to exceed limit on manual scan of attachments (CAP-993)
- File scanning may fail due to "Connection reset" system exception (CAP-1000)
- Scanning outbound email message may fail with "Future method cannot be called from a future or batch method" error (CAP-1131)
- "Attempt to de-reference a null object" exception is reported on scanning URLs (CAP-1139)
- Outdated copyrights on the About page (CAP-1141)
New features and improvements:
- Salesforce Spring’19 support - The Spring’19 update of the Salesforce platform is fully supported.
- Unrestricted amount of file scan events - The application is now capable of storing and handling more than 200 thousand file scan events in Analytics.
- New retention intervals for Analytics events - To reduce data storage consumption, it is possible to configure automatic clean-up of File and URL protection events with intervals of one week, two weeks, one month, or two months.
- Localization for new languages - In addition to English and Japanese, the following languages are now supported: French, German, Spanish, Portuguese, Italian, Russian, Korean, Thai, and Simplified Chinese.
- System.QueryException: Non-selective query against large object types (more than 200000 rows) (CAP-463)
- AFSC.FS_User: execution of AfterInsert caused by System.AsyncException (CAP-767)
- Input validation missing for manual scan dates (CAP-809)
- Degraded URL recognition pattern for URLs with '@' sign (CAP-810)
- Redirect URL is malformed in HTML body of EmailMessage object (CAP-856)
- Manual scan job may report 'unknown' action for large files (CAP-981)
- Queueable Limit Exceeded Due to Email Alerts (CAP-990)
- Users with Japanese locale cannot install F-Secure Cloud Protection app (CAP-1006)
- Optimized the loading of the Analytics page [CAP-4741]
- The app reports too many "Failed to process string" alerts [CAP-5103]
- Some UI controls are misaligned in non-English languages [CAP-4245]
New features and improvements:
- New brand: F-Secure Business is now WithSecure™ and the solution is rebranded as WithSecure™ Cloud Protection for Salesforce.
- Automatic updateability: Starting from this release, new versions of WithSecure™ Cloud Protection app are delivered automatically to all customers. WithSecure™ pushes software upgrades based on the customers' automatic update preferences, which can be configured in the Administration UI.
- Related records in URL scan events: URL scan events now include additional information about Salesforce related records and objects where URLs are originally posted and scanned by the WithSecure™ Cloud Protection app. This makes it possible to quickly find Chatter posts, Email messages, Case and/or Task objects where harmful or suspicious URLs are detected.
- Configurable retention intervals for alerts: It is now possible to specify how long WithSecure™ Cloud Protection alerts are kept in Analytics for reporting and security incident purposes. The retention interval can be set up to 24 months.
- Community login user licenses: The numbers of WithSecure™ licenses available and used for community login user licenses are shown on the License page. Community login user licenses can be assigned manually or automatically with automatic assignment rules.
- License and permission set assignment improvements: When WithSecure™ licenses or permission sets are assigned, the app creates corresponding alerts in Analytics. In case of a problem with the license or permission set assignment, the alert provides additional details.
- Configurable batch size for manual and scheduled scans: It is now possible to configure the maximum number of files to be processed in a batch. Decreasing the batch size in manual and scheduled scans prevents "Exceeded maximum time" exceptions.
- Possibility to disable scanning files in outbound emails: If File Protection causes problems with email-to-case messages, it is now possible to disable scanning files in outbound emails.
- Salesforce Platform cache: WithSecure™ Cloud Protection app is now leveraging Salesforce Platform Cache to store frequently requested data.
- New languages: The new version adds support for the following languages: Polish, Chinese (Traditional), Hungarian, Czech, Slovak, Turkish.
- Automatic license assignment does not work for the guest user [CAP-5022]
- URLs scanned in outbound email messages are not reported in URL scan events [CAP-4993]
- Users do not get a file automatically on download when using service console [CAP-4978]
- Failed to process Queueable job for class AFSC.FS_UrlScanJobQueuable due to System.NullPointerException [CAP-4264]
- System.QueryException: Non-selective query against large object type FS_Alert__c [CAP-4871]
- The image is missing on the Scan Exception and URL not found pages [CAP-4925]
- FS_URL_Scan_Log__c.Location__c picklist field does not contain Lead and Task values [CAP-4482]
- "Too many queueable jobs" exceptions when emails are sent out with attachments (CAP-4688)
- Multiple "Exception in file scanning" errors when running scheduled scans (CAP-4687)
- Security improvements to mitigate possible sharing violations (CAP-4492)
- 'AFSC.FS_CleanCacheResultBatch': Access to entity 'Group' denied: Entity is not API accessible (CAP-4527)
- Scan usage data is not reported correctly (CAP-4533)
- The F-Secure app makes unit tests fail (CAP-4429)
- The administration page loads with the following error: 'AFSC: Too many query rows: 50001' (CAP-4483)
- Excluded files are not reported in Analytics when scanned with manual scanning (CAP-4427)
- The F-Secure permission set is not assigned even after manually clicking the Assign button (CAP-4393)
- System.DmlException with ENTITY_IS_DELETED error in AFSC.FS_CleanCacheResultBatch (CAP-4385)
- Inadequate edit permissions are set for the file scan event log (CAP-4379)
- When the application fails to delete malicious or disallowed content, a critical alert is created in Analytics (CAP-4352)
- Excluded files with irregular filename extensions get quarantined as disallowed content (CAP-4355)
- File downloads may fail if users have read-only access to the library (CAP-4368)
- Scanning files on download may take more than 30 seconds to complete (CAP-4291)
- The replacement file in a Case object is generated with the wrong extension (CAP-4279)
- An incorrect filename is reported in the scan event when a new version of the file is uploaded (CAP-4299)
New features and improvements:
- Salesforce Spring ’21 support: The Spring ’21 update of the Salesforce platform is fully supported. The F-Secure app brings some changes and includes a new permission set to support guest community users better.
- License information and reporting on scan usage: The License page now provides information about available, used, and remaining licenses for standard and community user licenses. Scan usage is reported for the current month, as well as for the previous six months. The users included in the F-Secure Cloud Protection Admins group receive email notifications when the license limits or the total monthly scan quota has been exceeded.
- Improvements for license assignment: The License Assignment dialog has a new layout with the License status, Assign and Remove operations. When assigning F-Secure licenses, it is now possible to see which type of license (standard or community) is assigned. If there are more than 2000 users selected, licenses are assigned in the background.
- Targets for File Protection and exclusions based on location: It is now possible to separately enable or disable scanning Salesforce Files and Attachments. It is also possible to select locations, for example, standard and custom objects, where attachments are scanned for harmful or disallowed content upon upload.
- Included or excluded file types and extensions for malware scanning: The F-Secure app can now be configured to scan all files, except excluded, or only included, file types and extensions.
- Allowed or disallowed file types and extensions for content filtering: The F-Secure app can be configured to treat and block disallowed content based on allowed or disallowed file types and extensions.
- Targets for URL Protection: URL scanning can be enabled or disabled for specific locations such as Chatter posts and comments, inbound and outbound email messages, Case comments and descriptions.
- Scanning URLs in Lead and Task objects: The F-Secure app can now scan URLs in Lead and Task objects. For the Lead object, URLs are checked in the description and website fields. For the Task object, URLs are inspected in the description and comments field.
- Manual scan improvements: The maximum number of files that can be processed in one manual or scheduled scan job is now 500,000. Note that a special permission set needs to be created and assigned to users who run manual or scheduled scanning. Informational alerts are created when manual and scheduled scan jobs start and finish.
- New privacy control setting: The new setting defines which data F-Secure can share with third party services used for threat analysis. By default, only anonymized metadata is shared.
- Performance improvements: There are a number of changes made to improve the performance of file and URL scanning.
- Integration and customization improvements: New custom fields have been introduced to support better integration based on F-Secure custom objects.
- New F-Secure brand and other UX improvements: The new F-Secure logo and brand colors are now used in the F-Secure app. The design of the Summary, Support and other pages has also been improved.
- Manual Scanning: Files uploaded to Content libraries are not scanned (CAP-725)
- Administration UI looks disordered in Firefox (CAP-1142)
- System.QueryException (more than 200,000 rows) is reported on URL scanning (CAP-1574)
- Lock contention caused by the F-Secure app (CAP-2491)
- Users with the F-Secure Admin permission set cannot change settings (CAP-2717)
- When a harmful file with a filename containing 250 characters is uploaded, the replacement file is missing (CAP-3087)
- Inconsistent behavior with URL exclusions (CAP-3101)
- File Protection: file scan events are not created when uploading a single large file (CAP-3192)
- Files with long names break filtering for disallowed content (CAP-3450)
- Duplicate entries in F-Secure license assignments (CAP-3622)
- Removal of duplicate license batch jobs throws too many DML row errors (CAP-3836)
- Harmful content is not deleted when there are millions of files in the organization (CAP-4136)
- URL Protection will detect normal strings as URLs (CAP-871)
- Automatic cache and events log cleanup caused unhandled exceptions: Argument cannot be null (CAP-877)
- It is not possible to exclude top-level domains in URL Protection (CAP-903)
- CPSF misinterprets filenames as URLs (CAP-907)
- Version info is misinterpreted as URL and replaced by a redirect link (CAP-909)
- Japanese translation improvement on File Protection page (CAP-943)
- Installation/upgrade fails when Shield encryption is used for standard objects/fields (CAP-845)
- Extra SOQL queries are made when File Protection is disabled (CAP-836)
- Unexpected Exception On EmailMessage: data changed by trigger for field HTML Body: data value too large (CAP-800)
- If the scan result is available in the cache, a file is scanned even though the File Protection is disabled (CAP-811)
- Apex script unhandled trigger exception: AFSC.FS_ContentVersion: execution of BeforeInsert (CAP-812)
- Email-to-Case: Errors encountered while processing: FIELD_CUSTOM_VALIDATION_Exception (CAP-822)
- Missing or incorrect Japanese translations
- Apex trigger AFSC.FS_Case caused an unexpected exception: System.LimitException: Regex too complicated (CAP-438)
- Apex script unhandled trigger exception by user/organization: FS_ContentVersion: execution of AfterUpdate (CAP-627)
- Manual scan reports the wrong reason for clean file event if the file is excluded from scanning (CAP-765)
- AFSC.FS_EmailMessage: System.LimitException: Regex too complicated (CAP-784)
New features and improvements:
- Salesforce Summer’18 release support - The Salesforce Summer’18 release is fully supported.
- Content filtering - The solution allows the detection and blocking of dangerous and inappropriate content that is not allowed for security or compliance policy. Disallowed files can be filtered out based on the file type or filename extension.
- On-demand and scheduled scanning - Salesforce files and attachments can be scanned for harmful and disallowed content at any time or at predefined time intervals. You can choose which files are scanned based on the creation or modification time, file type or location.
- Quarantine management - Harmful or disallowed content removed by File Protection can be viewed and restored with the new quarantine management tool.
- Automatic license assignment - Application licenses can be automatically assigned to Salesforce users based on user profiles or other criteria.
- Improved Security Cloud services - The solution leverages F-Secure Security Cloud services that have been improved with more advanced detection capabilities.
- Privacy Admin role - Application's privacy control settings can now be protected with a special permission set.
- URL Protection improvements - Malicious and unwanted URLs are checked in Case comments and EmailMessage objects.
- Filenames are treated as URLs (CAP-370)
- 'Request to file content check failed' error is reported on scanning an email object (CAP-403)
- URL Protection does not replace links in email messages coming via Email-to-Case (CAP-450)
- Installation fails with "Dependent class is invalid and needs recompilation" error (CAP-513)
- Unsafe file is not removed correctly when advanced threat scanning is disabled (CAP-558)
- The reason for an incorrect alert is reported when URL reputation check fails (CAP-607)
- Used license count is not updated correctly on the License page when the licensing mode is set to 'All users' (CAP-611)
- The replacement file has the wrong extension when a malicious attachment is uploaded (CAP-628)
- F-Secure Cloud Protection breaks files that are generated by a third-party application (CAP-645)
- "Too many queueable jobs added to the queue" error is reported when a new document is generated by Salesforce CPQ (CAP-674)
- WithSecure™ Cloud Protection app does not scan files and URLs submitted by users with a free Chatter license. This is due to a limitation in the Salesforce platform, which restricts access to Apex and custom objects for users with a free Chatter license. To mitigate risk, it is recommended to use manual or scheduled scanning for validating content uploaded by free Chatter users.
- Due to a known issue in the Salesforce platform, a harmful file added to a Chatter comment may bypass the file protection on upload if the user does not click the Submit button and subsequently refreshes the page. We hope that Salesforce resolves this issue in a future release. Nevertheless, files that are uploaded via uncommitted Chatter comments are still scanned when they are downloaded or when you run a manual scan.
- When a harmful or disallowed file is uploaded by the user to a Chatter post in the Salesforce Lightning UI and the action is set to remove the file, the post gets blocked and a replacement file is not added.
- When a harmful or disallowed file is added to a Chatter comment in the Salesforce Classic UI and the action is set to remove the file, the file is removed but a replacement file is not added.
- When the user replies to an email case and adds a malicious file in the Salesforce Lightning UI, a replacement file may not be created as expected.
- The Back or Close buttons work on Firefox if the user opens the redirect link in the same tab.
- Manual or scheduled scanning may fail with a system exception when processing encrypted files, for which encryption keys have been destroyed. Removing encrypted files without encryption keys or excluding them from manual or scheduled scanning is suggested as a workaround.
Contact information and feedback
Please report any technical issues via the WithSecure™ Support page.
You can also share feedback by dropping a message to email@example.com.
WithSecure™ license terms are included in the software. You must read and accept them before you can install and use the software.