Guided, posted March 12, 2021 (edited March 12, 2021 by Guided)

It seems that Internet Security can't scan password protected files (archives) when you do an on-demand scan. So what is the best way if you want to scan its content:

1) Extracting it to a folder on your hard disk. This could be dangerous because if its content is infected, the virus can execute immediately. (Correct me if I am wrong)
2) Open it with WinRAR and scan with a command there. For ESET, what command should you enter in WinRAR?

Thanks

Marcos (Administrators), posted March 12, 2021, marked as Solution

No program can scan inside password protected archives, otherwise encryption would not be secure. For command line scans you can use ecls.exe (https://support.eset.com/en/kb3417).

Guided (Author), posted March 12, 2021

Sometimes I turn on Microsoft Defender for an on-demand scan; today it marked a password protected archive as infected with a trojan. How could it see and scan its content? Thanks for the link to the command line scan.

Marcos (Administrators), posted March 12, 2021

The question is if the detection was correct, if it was just the archive itself or an email file with the archive enclosed, or if the detection was made for the password protected file, i.e. without knowing its content.

itman, posted March 12, 2021 (edited March 12, 2021 by itman)

My best guess is this:

21 minutes ago, Marcos said:
> if the detection was made for the password protected file, i.e. without knowing its content.

Basically, a sig. detection for the entire archive.

Guided (Author), posted March 12, 2021

This was also my question; anyway, I ordered to remove it. My question is: if an antivirus cannot see and detect inside a password protected file, and a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm? As long as it exists but has no way to come out and be effective, we can let it be there.

Marcos (Administrators), posted March 12, 2021

16 minutes ago, Guided said:
> if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm?

Not without another malicious component that would extract file(s) from the archive using a valid password. Maybe the archive was previously attached to an email and the password was listed in the email body.

Guided (Author), posted March 12, 2021

11 minutes ago, Marcos said:
> Not without another malicious component that would extract file(s) from the archive using a valid password.

If all else on the PC is clean, so there should be no outside malicious component, I assume?

15 minutes ago, Marcos said:
> Maybe the archive was previously attached to an email and the password was listed in the email body.

No, it wasn't an attachment. But I think you are correct and it was detected for some text in its file name or something similar, I don't know.

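Added example, not part of any post in this thread and not ESET or Microsoft code: a Python triage of what remains readable in a password protected archive without the password. It assumes the ZIP format (the thread does not say which format was involved), where the per-entry encryption flag, names and sizes sit in an unencrypted central directory unless the archiver also encrypts headers; the sample archive and its entry names are constructed.

```python
import io
import zipfile

ENCRYPTED_BIT = 0x0001  # ZIP general-purpose flag, bit 0: entry is encrypted


def triage_zip(data: bytes) -> list:
    """List what is readable without a password: name, size, encrypted flag."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [
            {
                "name": info.filename,
                "size": info.file_size,
                "encrypted": bool(info.flag_bits & ENCRYPTED_BIT),
            }
            for info in zf.infolist()
        ]


def unscannable(data: bytes) -> list:
    """Names of entries whose content cannot be inspected without the password."""
    return [e["name"] for e in triage_zip(data) if e["encrypted"]]


def build_sample() -> bytes:
    """Constructed sample: two stored entries; one is then marked encrypted by
    setting flag bit 0 in its local and central headers (the payload is not
    really encrypted, the flag is all this example needs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", b"plain entry")
        zf.writestr("locked.bin", b"placeholder bytes")
    raw = bytearray(buf.getvalue())
    name = b"locked.bin"
    # (signature, offset of flag field, offset of file name) per header type
    for sig, flag_off, name_off in ((b"PK\x03\x04", 6, 30), (b"PK\x01\x02", 8, 46)):
        pos = raw.find(sig)
        while pos != -1:
            if raw[pos + name_off:pos + name_off + len(name)] == name:
                raw[pos + flag_off] |= ENCRYPTED_BIT
            pos = raw.find(sig, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for entry in triage_zip(build_sample()):
        print(entry)
```

Entries reported as encrypted are the ones an on-demand scan has to skip; their names and sizes are still visible to any tool that reads the archive.
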