Prevent Download of Custom File Types Control
Control Name
File Upload and Download Security (Prevent download of custom file types)
Control Overview
Organization‑level control that blocks users from downloading specified high‑risk or sensitive file extensions stored as ContentVersion records, preventing abusive or unintended downloads of dangerous or regulated file types.
Description
When enabled, Salesforce checks the file's extension at download time and denies the request if that extension is on the restricted list defined under File Upload and Download Security. The check applies to files attached to records, files shown in related lists, and files exposed through Experience Cloud portals. Because the decision is keyed on the extension rather than on file content, it stops downloads of out-of-policy types; it does not inspect or scan the bytes of a file whose extension is allowed.
Recommended Configuration
Security > File Upload and Download Security > Download Custom File Types as Attachments: enabled. Define a custom list of blocked extensions that covers high-risk types such as .exe, .scr, .zip and .bat, plus any other file types your company treats as out of policy.
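The following is an added example, not Salesforce's own implementation, that models the check described above: an extension denylist taken from the recommended configuration, applied at download time to the stored filename. It shows why a naive string compare is not enough (mixed case, trailing dots that Windows drops, double extensions such as invoice.pdf.exe, full-width Unicode letters) and includes a dry-run audit over constructed ContentVersion-like records of the kind you would run in a sandbox before enabling the control. The `ContentVersionRecord` class, the sample records and their IDs, and the choice to derive the extension from `PathOnClient` are assumptions made for the example.

```python
import unicodedata
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Denylist modelled on the recommended configuration on this page (assumed
# values; extend to match your own DLP policy). Stored lower-case, no dot.
BLOCKED_EXTENSIONS: FrozenSet[str] = frozenset({"exe", "scr", "zip", "bat"})


def normalize_extension(filename: str) -> Optional[str]:
    """Return the canonical extension of a filename, or None if it has none.

    Each step closes a way a bare string compare could be bypassed:
      1. NFKC fold, so full-width or compatibility characters (e.g. 'ＥＸＥ')
         compare equal to their ASCII forms.
      2. Strip trailing whitespace and dots, which Windows silently drops when
         the file is saved ('setup.exe.' is written as 'setup.exe').
      3. Keep only the final path component; clients may send a full path.
      4. Take the text after the LAST dot, so 'invoice.pdf.exe' yields 'exe'.
      5. Case-fold, so 'Setup.EXE' matches 'exe'.
    """
    name = unicodedata.normalize("NFKC", filename).rstrip(" .\t")
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1].casefold()
    return ext or None


def is_download_blocked(filename: str,
                        blocked: FrozenSet[str] = BLOCKED_EXTENSIONS) -> bool:
    """True if the download of this filename must be denied."""
    ext = normalize_extension(filename)
    return ext is not None and ext in blocked


@dataclass(frozen=True)
class ContentVersionRecord:
    """Minimal stand-in for the ContentVersion fields used here (assumed
    shape for the example, not the full Salesforce object)."""
    Id: str
    Title: str
    PathOnClient: str


def audit_downloads(records: Iterable[ContentVersionRecord],
                    blocked: FrozenSet[str] = BLOCKED_EXTENSIONS) -> List[str]:
    """Dry run for a sandbox: IDs of records the control would block.

    The extension is derived from PathOnClient (the path the uploader
    supplied), which is an assumption of this example.
    """
    return [r.Id for r in records if is_download_blocked(r.PathOnClient, blocked)]


# Constructed sample records; IDs and titles are invented for the example.
SAMPLE_RECORDS = [
    ContentVersionRecord("cv-001", "Q3 contract", "C:\\Users\\alice\\Q3-contract.pdf"),
    ContentVersionRecord("cv-002", "Installer", "Setup.EXE"),
    ContentVersionRecord("cv-003", "Design archive", "designs.zip"),
    ContentVersionRecord("cv-004", "Invoice", "invoice.pdf.exe"),
    ContentVersionRecord("cv-005", "Readme", "README"),
]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        verdict = "BLOCK" if is_download_blocked(rec.PathOnClient) else "allow"
        print(f"{rec.Id:8} {verdict:5} {rec.PathOnClient}")
    print("would be blocked:", audit_downloads(SAMPLE_RECORDS))
```

Running the audit against a sandbox export of your real records, before turning the control on, tells you which legitimate workflows (for example an approved .zip deliverable) the chosen list would break.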
Security Impact
Reduces the risk that an attacker or insider uses a Salesforce user session to pull malware payloads, sensitive documents, or other regulated data out of the org through the file-download mechanism.
Business Impact
Helps maintain compliance with internal and external data‑handling policies, supports separation of duties for document access, and limits exposure without disrupting core document workflows for allowed file types.
Security Risk If Not Configured
Unrestricted download of custom file types as attachments lets unauthorized users or compromised accounts retrieve sensitive or high-risk files, increasing the likelihood of data exfiltration and malware distribution.
Threat Scenarios
Unauthorized retrieval of sensitive file types, leading to data exfiltration. For example, an insider or a compromised external partner downloads confidential contracts, design files, or PHI-containing archives through the Salesforce UI instead of through a properly audited document-management system.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
The impact is highest when combined with broad file‑sharing permissions, multiple external portals, or high‑value data assets; companies must balance security with legitimate business‑use cases for certain file types.
Higher Risk When
Experience Cloud portals or external communities allow file access, many users have broad “View All Files”–like permissions, or you store sensitive projects, designs, or regulated data as attachments.
Low Risk When
File sharing is restricted to internal users only, sensitive data is stored outside Salesforce, and strict sharing rules and monitoring are already in place for file objects.
Business and Integration Considerations
Must-have for any org that stores sensitive or high-risk files. Make sure the list of blocked types aligns with your DLP and information-security policies, and test changes in a sandbox so that legitimate workflows that depend on a listed type are identified before the control goes live.
Security Health Review Guidance
Must-have.
Who Is Impacted
Users who can download files attached to Salesforce records, Experience Cloud portal users, system administrators managing file policies, security and compliance teams responsible for data‑exfiltration controls.