
Scan Password Protected Files


Solved by Marcos


It seems that Internet Security can't scan password protected files (archives) when you do an on-demand scan. So what is the best way if you want to scan its content:

1) Extracting it to a folder on your hard disk. This could be dangerous because if its content is infected, the virus can execute immediately. (Correct me if I am wrong)

2) Open it with WinRAR and scan with a command there. For ESET, what command should you enter in WinRAR?

Thanks

Edited by Guided

Sometimes I turn on Microsoft Defender for an on-demand scan. Today it marked a password protected archive as infected with a trojan. How could it see and scan its content?

Thanks for the link to command line scan.


  • Administrators

The question is if the detection was correct, if it was just the archive itself or an email file with the archive enclosed, or if the detection was made for the password protected file, i.e. without knowing its content.


My best guess is this:

21 minutes ago, Marcos said:

if the detection was made for the password protected file, i.e. without knowing its content.

Basically, a sig. detection for the entire archive.

Edited by itman

This was also my question, anyway I ordered to remove it. My question is: If an antivirus cannot see & detect inside a password protected file, if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm? As long as it exists but has no way to come out and be effective, we can let it be there.


  • Administrators
16 minutes ago, Guided said:

if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm?

Not without another malicious component that would extract file(s) from the archive using a valid password.

Maybe the archive was previously attached to an email and the password was listed in the email body.


11 minutes ago, Marcos said:

Not without another malicious component that would extract file(s) from the archive using a valid password.

If all else on the PC is clean, so there should be no outside malicious component I assume?

15 minutes ago, Marcos said:

Maybe the archive was previously attached to an email and the password was listed in the email body.

No, it wasn't an attachment. But I think you are correct and it was detected for some text in its file name or something similar, I don't know.


This topic is now closed to further replies.
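
The replies above suggest the archive may have been flagged as a whole, or for something like its file name, without its contents being read. The following added example (not code from the thread or from ESET) shows what a scanner can still read without the password, assuming a ZIP archive whose central directory is not encrypted; the thread does not say which archive format was involved, and the sample archive, its file name and the function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0 of a ZIP entry: data is encrypted
SAMPLE_DATA = b"constructed placeholder bytes"


def build_sample_zip(mark_encrypted: bool = True) -> bytes:
    """Constructed sample archive with a single entry named setup.exe.

    Python's zipfile cannot write encrypted entries, so the encryption flag is
    set by hand in the central directory. The entry data is not really
    encrypted, which is sufficient because triage() never reads entry data.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("setup.exe", SAMPLE_DATA)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        cd = raw.find(b"PK\x01\x02")   # central directory file header signature
        raw[cd + 8] |= ENCRYPTED_FLAG  # flags field starts 8 bytes into the header
    return bytes(raw)


def triage(archive: bytes) -> dict:
    """Collect what is visible without the password: container hash and metadata."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():     # parses the central directory only
            entries.append({
                "name": info.filename,
                "size": info.file_size,
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
            })
    return {
        # A hash over the whole container is what a whole-archive signature keys on.
        "sha256": hashlib.sha256(archive).hexdigest(),
        "entries": entries,
        "needs_password": any(e["encrypted"] for e in entries),
    }


if __name__ == "__main__":
    report = triage(build_sample_zip())
    print("container sha256:", report["sha256"])
    for entry in report["entries"]:
        print(entry)
    print("password needed to scan contents:", report["needs_password"])
```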