Advice Request File Guard questions

Status
Not open for further replies.

bjm_

Feature Settings Check – Download of Compressed Malware » AMTSO
zip and zipx pass after I add zipx extension. jar is pass. Pass means Alert dialog w Quarantine.
7zip, winrar, targz, ace, cab, lzh, rar-sfx and zip-sfx = fail...after adding their extensions (targz added also as tgz).
Fail means no Alert dialog.
[Attachments: File Guard.png, 1890.png, 1892.png]
Um, is there a way to make fail extensions pass?
Thanks
 

Deleted member 65228

I believe it is related to Emsisoft Anti-Malware and archive scanning support; as far as I am aware, there is none. However, even if this is really the case, this is not so much of a big deal... When you unpack the archive, the File Guard will scan the extracted objects and will flag them if there is an available detection for those objects.

If I am incorrect about archive scanning support, hopefully someone who works for the vendor like @Umbra will be able to correct me. :)
 

bjm_

Yes, I'm somewhat familiar with on-demand scan for archives as some AV just look at raw file. I thought since Emsisoft offered adding extensions. And since adding zipx worked. I thought adding other extensions would work too.
As you see on-demand worked for 7z and rar.
[Attachments: 1895.png, 1896.png]

Presume on-demand will work with other extensions that failed.

And on-access worked for 7z and rar.
[Attachments: 1897.png, 1898.png]

So, question now is. Does it work because I've added 7z and rar extensions?
Did I need to add extensions for Emsisoft to recognize archive sample?
And what happens if I uncheck Only scan files with specific extensions?
[Attachment: 1899.png]

Does Emsisoft then scan samples with any & all extensions by default?

Edit: reset all settings to default.
on-demand & on-access appear to work as above.
Just testing from Amtso site allows 7z, rar and 6 other files to reach my desktop.
If you are able to download the compressed EICAR-Testfile successfully, your Anti-Malware solution is NOT configured correctly or does not conform with industry best practice.
And what happens if I uncheck Only scan files with specific extensions?

I'm on Trial so, just trying to see what's what.
Regards w Respect
 

Nightwalker


[Attachment: UWfpUtERRP2ofUPsOnyTWw.png]

Try those settings above, it will scan and detect what you want, but personally I don't see the point in this configuration, the malware is inactive and will be scanned anyway if it tries to execute.

I actually use the "Fast Scan level" (scan on execution only) with very satisfactory results.

That's how I use and recommend:

[Attachment: cf5RPlkSSZqJr9Tgo-6y2g.png]
 

bjm_

Thanks. Appreciate your advice.
 

Deleted member 178

Fast scan is good if you have, like me, a static system (meaning you don't install new apps all the time). If not, the balanced one is what I recommend to average users.
 