Jump to content

Scan Password Protected Files

Guided
 Share
Go to solution Solved by Marcos,

Recommended Posts

Guided

Guided 0

Posted
Posted (edited)

It seems that Internet Security can't scan password protected files (archives) when you do a on-demand scan. So what is the best way if you want to scan its content:

1) Extracting it to a folder on your hard disk. This is could be dangerous because if its content is infected, the virus can execute immediately. (Correct me if I am wrong)

2) Open it with Winrar and scan with a command there. For Eset, what command you should enter in Winrar?

Thanks

Edited by Guided
Link to comment
Share on other sites
Guided

Guided 0

Posted
  • Author
Posted

Sometimes I turn on Microsoft Defender for an on-demand scan, today it marked a password protected archive as infected with trojan. How it could see and scan its content?

Thanks for the link to command line scan.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

The question is if the detection was correct, if it was just the archive itself or an email file with the archive enclosed, or if the detection was made for the password protected file, ie. without knowing its content.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

My best guess is this:

21 minutes ago, Marcos said:

if the detection was made for the password protected file, ie. without knowing its content.

Basically, a sig. detection for the entire archive.

Edited by itman
Link to comment
Share on other sites
Guided

Guided 0

Posted
  • Author
Posted

This was also my question, anyway I ordered to remove it. My question is: If a antivirus can not see & detect inside a password protected file, if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm? As long as it exists but has no way to come out and be effective, we can let it be there.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
16 minutes ago, Guided said:

if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm?

Not without another malicious component that would extract file(s) from the archive using a valid password.

Maybe the archive was previously attached to an email and the password was listed in the email body.

Link to comment
Share on other sites
Guided

Guided 0

Posted
  • Author
Posted
11 minutes ago, Marcos said:

Not without another malicious component that would extract file(s) from the archive using a valid password.

If all else on the pc is clean, so there should be no outside malicious component I assume?

15 minutes ago, Marcos said:

Maybe the archive was previously attached to an email and the password was listed in the email body.

No it wasn't an attachment. But I think you are correct and it was detected for some text in its file name or something similar, I don't know.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...