Scanning an archive file type requires the product feature setting for Archive scanning to be enabled. If enabled, this flag is included in the scan request when telling the scan engine to scan the file object. If it is not enabled, the file object is still scanned, but not its contents.
When the Archive scanning option is enabled, archive files are scanned 'in memory' by the scan engine (nothing is written to disk).
Scanning of the archive file when Archive scanning is not enabled can result in a detection. In that scenario the 'wrapper' for the archive is what is scanned and determined infected, not the contents. The contents would still require scanning to verify that the contents are clean.
The real-time scanner scans the contents of archives when they are extracted to disk.
Some useful articles: KB92712, KB53291
Thank you,
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Re: How do I configure ENS to block archive files it can't open
Thanks, but that doesn't answer my question.
This is my test case:
Using a PC without virus scanning on it, I have saved the EICAR test virus to a file. I have then zipped this file twice, once with a password on the zip file, once without a password on the zip file.
I have then copied both zip files to a computer with ENS on it. ENS deletes the zip file without a password (as it should, because it contains a 'virus'), but does NOT remove the file with a password on it.
But I would like it to remove the zip file with a password because I can't verify that it is safe.
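Added example, not part of the original posts and not an ENS setting: a Python pre-filter that classifies a file as unscannable when any ZIP entry has the encryption flag set, which is the property that distinguishes the two zip files in the test case above. The function names and the in-memory sample are assumptions made for illustration; the sample is constructed and contains only placeholder text.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: entry data is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Return names of entries that cannot be read without a password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def verdict(data: bytes) -> str:
    """Classify a file as 'scannable', 'unscannable' or 'not-zip'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        return "unscannable" if encrypted_entries(data) else "scannable"
    except zipfile.BadZipFile:
        # A ZIP that cannot be parsed cannot be verified as clean either.
        return "unscannable"


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry ZIP held in memory.

    When encrypted=True the encryption flag is set in the central directory
    record; the payload itself is not really encrypted.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.txt", "harmless placeholder content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Skip the 30-byte local header, then find the central directory record.
        cd = raw.find(b"PK\x01\x02", 30)
        flags = struct.unpack_from("<H", raw, cd + 8)[0]  # flags at offset 8
        struct.pack_into("<H", raw, cd + 8, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for label, enc in (("no password", False), ("password", True)):
        print(label, "->", verdict(build_sample(enc)))
```

A file classified as unscannable can then be quarantined or held for manual review by whatever gateway or script runs the check.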