Ensure Office 365 SharePoint infected files are disallowed for download
Why This Matters
When Microsoft Defender for Office 365 detects malware in SharePoint Online, an infected file remains available for download unless you explicitly change this default behavior. Allowing infected files to be downloaded puts your organization at risk of spreading malware through shared documents. Enabling this setting ensures that files flagged as malicious are completely blocked until your security team reviews and acts on them.
What Aether365 Checks
Aether365 verifies that the DisallowInfectedFileDownload setting is enabled in your SharePoint Online tenant. This check appears in the Aether365 dashboard under microsoft-365 checks and flags noncompliant configurations where infected files remain downloadable.