MalcolmC
Level 7
Message 1 of 3

How do I configure ENS to block archive files it can't open

Hi All,

So I have ENS Threat Prevention set to delete zip files that have a (test) virus in them. That works OK.

But if I password protect the file, of course ENS can't open the zip to scan it, so it allows it onto the system.

How do I tell ENS to delete zip files it can't open to scan?
I thought this should/would have been the default behaviour.....

2 Replies
ryadav1
McAfee Employee
Message 2 of 3

Re: How do I configure ENS to block archive files it can't open

Hello @MalcolmC 

Scanning an archive file type requires the product feature setting for Archive scanning to be enabled. If enabled, this flag is included in the scan request when telling the scan engine to scan the file object. If it is not enabled, the file object is still scanned, but not its contents.

NOTES:

  • When the Archive scanning option is enabled, archive files are scanned 'in memory' by the scan engine (nothing is written to disk).
  • Scanning of the archive file when Archive scanning is not enabled can result in a detection. In that scenario the 'wrapper' for the archive is what is scanned and determined infected, not the contents. The contents would still require scanning to verify that the contents are clean.
  • The real-time scanner scans the contents of archives when they are extracted to disk.

Some useful articles: KB92712, KB53291

Thank you,


MalcolmC
Level 7
Message 3 of 3

Re: How do I configure ENS to block archive files it can't open

Thanks, but that doesn't answer my question.

This is my test case,

Using a PC without virus scanning on it,
I have saved the EICAR test virus to a file,
I have then zipped this file twice,
once with a password on the zip file,
once without a password on the zip file.

I have then copied both zip files to a computer with ENS on it.
ENS deletes the zip file without a password (as it should, because it contains a 'virus')
But does NOT remove the file with a password on it.

But I would like it to remove the zip file with a password because I can't verify that it is safe.
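
Added example, not part of any post in this thread and not an ENS setting: a standalone triage check that flags ZIP files a scanner cannot look inside, by reading the "encrypted" bit (bit 0 of the general purpose bit flag) on each entry. The function names, the result labels and the sample archive built in `build_sample` are assumptions made for this illustration.

```python
import io
import sys
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general purpose bit flag: entry is encrypted


def classify_archive(data: bytes) -> str:
    """Return 'not-zip', 'unreadable', 'encrypted' or 'scannable' for raw file bytes."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-zip"
    try:
        # Opening the archive only parses the central directory; no password is needed.
        with zipfile.ZipFile(buf) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return "unreadable"  # looks like a ZIP but the directory cannot be parsed
    if any(m.flag_bits & ENCRYPTED_FLAG for m in members):
        return "encrypted"  # at least one entry cannot be read without a password
    return "scannable"


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.txt", b"constructed test content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 in the local file header (flag at offset 6) and in the
        # central directory header (flag at offset 8), as an encrypting tool would.
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + flag_offset] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    # Usage: python triage_zip.py file1.zip file2.zip ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: {classify_archive(fh.read())}")
```

Files reported as `encrypted` or `unreadable` are the ones the test case above describes as unverifiable; the check covers the ZIP format only, not other archive types.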
