Endpoint Protection

 View Only

  • 1.  Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 10:55 AM

    Hi,

     

    I need your expertise on this.

    Can SEP scan Password protected files (e.g. pdf,xls or doc) and compress files (in .rar and .cab format)?

     

    Thank you in advance!



  • 2.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 10:57 AM

    It cannot if they're password protected. If not password protected, it should be able to scan them as normal.



  • 3.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Trusted Advisor
    Posted Sep 24, 2013 10:57 AM

    Hello,

    Yes, it can scan the files .rar .cab .pdf .xls and .doc format files. However, password protected files would not be scanned.

    Once the password is inserted and the file gets executed, the files would be scanned by Symantec.

    The Decomposer engines built into SEP are able to interact with the great majority of compression fromats that are in use today, but ther is no way they would be able to interact with them all.  Almost every SEP client has entries like yours in its logs.

    Also: even if there is a threat inside a zip/container that SEP could not scan, SEP's Auto-Protect would catch it as soon as the malicious file was unzipped.

    Final recommendation: it would be a good idea to perform a "disk cleanup" to flush out that recycle bin and other temp locations. 

    Security Response's official Best Practices:

    http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&depthpath=0

    Secondly, check this Article:

    "Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan

    http://www.symantec.com/docs/TECH99755

    Hope that helps!!



  • 4.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Broadcom Employee
    Posted Sep 24, 2013 11:04 AM

    password protected files cannot be scanned, other archive file will be scanned.

     



  • 5.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 11:05 AM

    Thanks for that. Do you know any KB article I can refer to so I can include in my document as reference?



  • 6.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 11:10 AM

    Thanks a lot. This helps!



  • 7.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 11:22 AM

    This one explains the scenario's:

    http://www.symantec.com/docs/TECH99755



  • 8.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 09:34 PM

    One more.

    Can SEP handle malformed container files?

    On ICAP, we get the following error which, if I'm not wrong, is considered a malformed container file.

    The Symantec Protection Engine has encountered a scan error
    Date/time of event = 2013-09-25 09:23:57
    Event Severity Level = Error
    Scanner = Decomposer
    Result ID = 17
    URL = no_path
    File name = ~$$QR Code (Visio Diagram).~vsd
    Client IP = 172.20.58.5
    Scan Duration (sec) = 0.001
    Connect Duration (sec) = 0.003
    Symantec Protection Engine IP address = 172.20.58.212
    Symantec Protection Engine Port number = 1344
    Uptime (in seconds) = 2246856

     



  • 9.  RE: Can SEP scan Password protected files and compress files (in .rar and .cab format)?

    Posted Sep 24, 2013 09:45 PM

    I believe it means that the decomposer engine does not have a signature to extract the container. It doesn't mean it can't always scan but just in this particular instance for this file.