mathisbilgi 0 Posted February 15 Posted February 15 Hi All, I have discovered that Ecos does not scan attachments in tar archives that contain a .bat trojan downloader. While I understand it's challenging for Ecos to scan every type of archive, I noticed it also does not submit these for analysis via Liveguard. Consequently, an email with such an attachment was delivered to the user's mailbox without detection. Could we consider enhancing this aspect to improve security?
ESET Staff product_manager_8 5 Posted February 15 ESET Staff Posted February 15 Hi @mathisbilgi , ECOS scans .tar archives so it is surprising it would not scan this one. If you have logging of clean objects turned on in your policy, you can go into Scan Logs and see the detail of the log and it should say what the result and the reason was. There may be cases when it would not be scanned, such as if the archive is password protected. But it would be helpful in diagnosing the problem if you could let us know what the detail says. thank you Peter Randziak 1
Recommended Posts