Endpoint Protection

  • 1.  Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 05:45 AM

    Can SEP12 find a virus that is compressed as a TGZ on a Windows 7 system?

    On my system, SEP 12 does not find any virus in a TGZ compressed file. If the file is not compressed, it finds the file and deletes the virus.



  • 2.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 05:49 AM

    Likely not if it does not have the correct decomposer signature to extract the file and scan inside.



  • 3.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 08:39 AM

    OK, thanks.

    Is there any possibility to change that? 7zip is installed on the system, and 7zip is able to decompress the files.



  • 4.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 08:48 AM

    In looking at the list of file extensions that SEP scans for, TGZ is not on there. So I can only assume it won't scan it.



  • 5.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 09:03 AM

    OK thanks.



  • 6.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 09:42 AM

    When an infection is sitting inside a compressed file, it cannot attack the computer where it is lying until and unless it is decompressed. That's the reason Symantec also recommends that you send in your virus samples in a zipped file.

    On the other hand, even if there is an infection sitting inside a compressed file, when a user or a process tries to extract/use the infected file, your Auto-Protect will kick in to protect your PC, provided Symantec is able to detect that specific infection.

    To be sure, try downloading the EICAR test samples, put them into a compressed file, and then try decompressing it.



  • 7.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 28, 2016 12:37 PM

    Hi lucky72,

    Thanks for the post.  The best approach is to block those .tgz files before they reach the desktop/endpoint.  There have been waves of malicious spam in circulation recently which use this Linux compression format specifically in an attempt to evade detection.

    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

    Configure your mail server to block obscure archive attachments. The ultimate payload is often ransomware.

    Best practices for preventing and handling ransomware attacks with Symantec Endpoint Protection
    http://www.symantec.com/docs/HOWTO124710

    Hope this helps! Please update the thread with any additional questions or mark it solved if you have received your answer.

    With thanks and best regards,

    Mick
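
The advice above to block .tgz attachments before they reach the endpoint only holds if the filter looks at content rather than the file extension. The sketch below is an added example, not part of the original thread and not Symantec code: it classifies an attachment as gzip-wrapped tar by its magic bytes. The function names, the `BLOCKED_KINDS` policy and the sample archive are assumptions constructed for illustration.

```python
import io
import tarfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"
TAR_MAGIC_OFFSET = 257                   # "ustar" sits at byte 257 of a tar header
BLOCKED_KINDS = {"tgz", "gzip", "tar"}   # assumed site policy, adjust as needed


def _looks_like_tar(block: bytes) -> bool:
    return block[TAR_MAGIC_OFFSET:TAR_MAGIC_OFFSET + 5] == b"ustar"


def classify(data: bytes) -> str:
    """Return 'tgz', 'gzip', 'tar' or 'other' from content, ignoring the filename."""
    if data[:2] == GZIP_MAGIC:
        try:
            # wbits=31 selects the gzip container; max_length=512 caps the output
            # at one tar header block, so a decompression bomb cannot exhaust memory.
            head = zlib.decompressobj(wbits=31).decompress(data, 512)
        except zlib.error:
            return "gzip"    # gzip magic but malformed stream: still treat as gzip
        return "tgz" if _looks_like_tar(head) else "gzip"
    return "tar" if _looks_like_tar(data[:512]) else "other"


def should_block(filename: str, data: bytes) -> bool:
    """Decide on content only; filename is deliberately not trusted or consulted."""
    return classify(data) in BLOCKED_KINDS


def make_sample_tgz() -> bytes:
    """Constructed sample: a .tgz holding one harmless text member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = b"harmless placeholder content\n"
        info = tarfile.TarInfo(name="invoice.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample_tgz()
    for name, blob in [("invoice.tgz", sample), ("invoice.doc", sample),
                       ("notes.txt", b"plain text")]:
        print(name, classify(blob), "BLOCK" if should_block(name, blob) else "allow")
```

The same archive is blocked whether it arrives as `invoice.tgz` or renamed to `invoice.doc`, which is the case an extension-only rule misses.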



  • 8.  RE: Is SEP12 able to scan and find a virus in a TGZ compressed file

    Posted Apr 29, 2016 10:12 AM

    Hi lucky72,

    Just a ping to see if you have received your answer?

    Please update the thread with any additional questions or mark it solved. &: )

    With thanks and best regards,

    Mick