Google Workspace Gmail security sandbox disabled
Description
AlphaSOC detected that Gmail's security sandbox was disabled. Disabling attachment scanning reduces a key malware detection control and may indicate a compromise within the environment.
Impact
Disabling the security sandbox increases the likelihood that malicious attachments reach users, enabling delivery of malware, credential stealers, and other payloads. It reduces detection and automated blocking capabilities for inbound attachments and can increase user exposure to threats.
Severity
| Severity | Condition |
|---|---|
| Medium | Google Workspace Gmail security sandbox disabled |
Investigation and Remediation
Identify the actor who performed the setting change and verify whether the change was approved. Review recent mail delivery and attachment-related events for suspicious deliveries since the change. If the change is unauthorized, revert the setting to enable deep scanning immediately, rotate affected credentials, and scan recent inbound attachments for malware.
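
The triage steps above, sketched as an added example (not AlphaSOC or Google code): it finds each sandbox disable, names the actor, checks approval, and lists attachment deliveries in the unscanned window for rescanning. The record layout, the event name, the `<SECURITY_SANDBOX_SETTING_NAME>` placeholder, the approval list and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime

EVENT = "CHANGE_GMAIL_SETTING"  # assumed admin audit event name
SANDBOX_SETTING = "<SECURITY_SANDBOX_SETTING_NAME>"  # placeholder: take the real name from your logs

# Constructed admin audit records (assumed, simplified layout).
ADMIN_EVENTS = [
    {"time": "2024-05-01T09:00:00+00:00", "actor": "it-admin@example.com", "name": EVENT,
     "params": {"SETTING_NAME": "<OTHER_SETTING>", "OLD_VALUE": "false", "NEW_VALUE": "true"}},
    {"time": "2024-05-01T10:00:00+00:00", "actor": "helpdesk@example.com", "name": EVENT,
     "params": {"SETTING_NAME": SANDBOX_SETTING, "OLD_VALUE": "true", "NEW_VALUE": "false"}},
    {"time": "2024-05-01T14:00:00+00:00", "actor": "it-admin@example.com", "name": EVENT,
     "params": {"SETTING_NAME": SANDBOX_SETTING, "OLD_VALUE": "false", "NEW_VALUE": "true"}},
]
# Constructed inbound delivery records.
MAIL_EVENTS = [
    {"time": "2024-05-01T09:30:00+00:00", "rcpt": "a@example.com", "attachments": ["q1.pdf"]},
    {"time": "2024-05-01T11:15:00+00:00", "rcpt": "b@example.com", "attachments": ["invoice.zip"]},
    {"time": "2024-05-01T12:00:00+00:00", "rcpt": "c@example.com", "attachments": []},
    {"time": "2024-05-01T15:00:00+00:00", "rcpt": "a@example.com", "attachments": ["notes.docx"]},
]
APPROVED_ACTORS = {"it-admin@example.com"}  # hypothetical stand-in for a change-approval record


def ts(value):
    return datetime.fromisoformat(value)


def sandbox_changes(events, new_value):
    """Sandbox setting changes to new_value ("true"/"false"), oldest first."""
    hits = [e for e in events if e["name"] == EVENT
            and e["params"].get("SETTING_NAME") == SANDBOX_SETTING
            and e["params"].get("NEW_VALUE") == new_value]
    return sorted(hits, key=lambda e: ts(e["time"]))


def triage(admin_events, mail_events, approved_actors):
    """For each disable: actor, approval status, exposure window, mail to rescan."""
    enables = sandbox_changes(admin_events, "true")
    findings = []
    for off in sandbox_changes(admin_events, "false"):
        start = ts(off["time"])
        # Window closes at the first later re-enable; None means still disabled.
        end = next((ts(e["time"]) for e in enables if ts(e["time"]) > start), None)
        rescan = [m for m in mail_events if m["attachments"]
                  and ts(m["time"]) >= start and (end is None or ts(m["time"]) < end)]
        findings.append({"actor": off["actor"], "approved": off["actor"] in approved_actors,
                         "disabled_at": start, "reenabled_at": end, "rescan": rescan})
    return findings
```

A finding with `reenabled_at` set to `None` means the sandbox is still off, so the rescan list keeps growing until the setting is reverted.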