Q&A File Guard questions

bjm_

Level 3
Joined
May 17, 2015
Messages
139
OS
Windows 10
Antivirus
Microsoft
#1
Feature Settings Check – Download of Compressed Malware » AMTSO
zip and zipx pass after I add zipx extension. jar is pass. Pass means Alert dialog w Quarantine.
7zip, winrar, targz, ace, cab, lzh, rar-sfx and zip-sfx = fail...after adding their extensions (targz added also as tgz).
Fail means no Alert dialog.
Um, is there a way to make fail extensions pass?
Thanks
 

Deleted member 65228

Guest
#2
I believe it is related to Emsisoft Anti-Malware and archive scanning support; as far as I am aware, there is none. However, even if this is really the case, this is not so much of a big deal... When you unpack the archive, the File Guard will scan the extracted objects and will flag them if there is an available detection for those objects.

If I am incorrect about archive scanning support, hopefully someone who works for the vendor like @Umbra will be able to correct me. :)
 

bjm_

#3
Yes, I'm somewhat familiar with on-demand scan for archives, as some AV just look at the raw file. I thought that since Emsisoft offered adding extensions, and since adding zipx worked, adding other extensions would work too.
As you see on-demand worked for 7z and rar.

Presume on-demand will work with other extensions that failed.

And on-access worked for 7z and rar.

So, the question now is: does it work because I've added 7z and rar extensions?
Did I need to add extensions for Emsisoft to recognize archive sample?
And what happens if I uncheck Only scan files with specific extensions?

Does Emsisoft then scan samples with any & all extensions by default?

Edit: reset all settings to default.
on-demand & on-access appear to work as above.
Just testing from the AMTSO site allows 7z, rar and 6 other files to reach my desktop.
If you are able to download the compressed EICAR-Testfile successfully, your Anti-Malware solution is NOT configured correctly or does not conform with industry best practice.
And what happens if I uncheck Only scan files with specific extensions?

I'm on Trial, so just trying to see what's what.
Regards w Respect
 
Joined
May 26, 2014
Messages
463
OS
Windows 10
Antivirus
ESET
#4

Try those settings above, it will scan and detect what you want, but personally I don't see the point in this configuration; the malware is inactive and will be scanned anyway if it tries to execute.

I actually use the "Fast Scan level" (scan on execution only) with very satisfactory results.

That's how I use and recommend:


 

bjm_

#5
Thanks. Appreciate your advice.
 

Umbra

Level 85
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,962
OS
Windows 10
Antivirus
Default-Deny
#6
Fast scan is good if you have, like me, a static system (means you don't install new apps all the time). If not, the balanced one is what I recommend to average users.
 
